Move fips_test_suite rules from fips/Makefile to test/Makefile.

Eliminate dependency on UNICODE macro.
Fix typos in apps/apps.c.
2005-06-27 22:08:58 +00:00 · 2005-06-27 21:14:15 +00:00 · 2005-06-27 16:00:57 +00:00 · 2005-06-26 21:48:19 +00:00 · 2005-06-26 17:24:48 +00:00 · 2005-06-26 16:25:25 +00:00
113 changed files with 3960 additions and 3689 deletions
--- a/11
+++ b/11
@@ -4,6 +4,17 @@

 Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]

+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
  *) Make a new fixed-window mod_exp implementation the default for
     RSA, DSA, and DH private-key operations so that the sequence of
     squares and multiplies and the memory access pattern are
--- a/14
+++ b/14
@@ -280,10 +280,10 @@ my %table=(
 "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -409,8 +409,8 @@ my %table=(
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -539,7 +539,7 @@ my %table=(
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll.a",

 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -878,7 +878,7 @@ PROCESS_ARGS:
 			}
 		else
 			{
-			die "target already defined - $target\n" if ($target ne "");
+			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
 			$target=$_;
 			}
 		unless ($_ eq $target) {
@@ -1151,7 +1151,7 @@ if (!$no_shared)
 	{
 	if ($shared_cflag ne "")
 		{
-		$cflags = "$shared_cflag $cflags";
+		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
 		}
 	}

--- a/4
+++ b/4
@@ -141,8 +141,8 @@ less Unix-centric, it might have been used much earlier.

 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.

 * How do I check the authenticity of the OpenSSL distribution?

--- a/Makefile.org
+++ b/Makefile.org
@@ -187,7 +187,7 @@ SDIRS=  objects \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

-FDIRS=	sha1 rand des aes dsa rsa dh hmac
+FDIRS=	sha rand des aes dsa rsa dh hmac

 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
@@ -230,7 +230,7 @@ sigs:	$(SIGS)
 libcrypto.a.sha1: libcrypto.a
 	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
-		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+		fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
 	fi

 sub_all:
@@ -258,6 +258,9 @@ sub_target:
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=crypto build-shared; \
+        	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+                    fips/sha/fips_standalone_sha1 -binary $@ > $@.$${HMAC_EXT:-sha1}; \
+		fi; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -340,7 +343,7 @@ do_cygwin-shared:
 	[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
 	[ -f apps/$$shlib ] && rm apps/$$shlib; \
 	[ -f test/$$shlib ] && rm test/$$shlib; \
-	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0x61200000; \
+	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
 	( set -x; ${CC} ${SHARED_LDFLAGS} \
 		-shared $$base -o $$shlib \
 		-Wl,-Bsymbolic \
@@ -515,7 +518,7 @@ do_hpux-shared:
 	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
 	( set -x; ${CC} ${SHARED_LDFLAGS} \
 		-Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
-		-o $$shlib $$ALLSYMSFLAGS lib$$i.a -ldld ) || exit 1; \
+		-o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
 	chmod a=rx $$shlib; \
 	done

@@ -723,11 +726,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf

+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend

 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -809,7 +816,16 @@ install_sw:
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					mv -f	$(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new \
+						$(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					sig="$$i.$${HMAC_EXT:-sha1}"; \
+					if [ -f $$sig ]; then \
+						echo installing $$sig; \
+						cp $$sig $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new; \
+						chmod 444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new; \
+						mv -f	$(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new \
+							$(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig; \
+					fi; \
 				else \
 					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
@@ -866,8 +882,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -883,8 +899,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/56
+++ b/56
@@ -48,20 +48,28 @@ will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.


-* Bugs in gcc 3.0 triggered
+* Bugs in gcc triggered

-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+- According to a problem report, there are bugs in gcc 3.0 that are
+  triggered by some of the code in OpenSSL, more specifically in
+  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:

 	header+=11;
 	if (*header != '4') return(0); header++;
 	if (*header != ',') return(0); header++;

-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
+  What happens is that gcc might optimize a little too agressively, and
+  you end up with an extra incrementation when *header != '4'.

-We recommend that you upgrade gcc to as high a 3.x version as you can.
+  We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+  latter - SHA one.
+
+  The recomendation is to upgrade your compiler. This naturally applies to
+  other similar cases.

 * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.

@@ -120,3 +128,37 @@ Any information helping to solve this issue would be deeply
 appreciated.

 NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+  and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+   ment variables *prior* you execute ./Configure and make:
+
+	PROG_ENV=POSIX
+	MAKESHELL=/bin/ksh
+	export PROG_ENV MAKESHELL
+
+   or if your shell is csh-compatible:
+
+	setenv PROG_ENV POSIX
+	setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+   following 'test' script for example in /tmp:
+
+	#!/bin/ksh
+	${0##*/} "$@"
+
+   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+   natively just replace system /bin/test and /bin/[ with the
+   above script.
--- a/10
+++ b/10
@@ -127,7 +127,7 @@ $arflags      =

 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@@ -2332,7 +2332,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -Wl,+s,+b,$(INSTALLTOP)/lib -ldl
-$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
@@ -2607,7 +2607,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -Wl,+s,+b,$(INSTALLTOP)/lib -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
@@ -3082,7 +3082,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
@@ -3107,7 +3107,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -101,8 +101,17 @@ install:
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-	 done;
+	 mv -f  $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new \
+	 	$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 sig="$$i.$${HMAC_EXT:-sha1}"; \
+	 if [ -f $$sig ]; then \
+	  echo installing $$sig; \
+	  cp $$sig $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new; \
+	  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new; \
+	  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig; \
+	 fi; \
+	) done;
 	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
@@ -143,16 +152,20 @@ $(DLIBCRYPTO):

 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
+	SHARED_LIBS="$(SHARED_LIBS)"; \
 	if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  SHARED_LIBS=""; \
+	fi; \
+	if [ -z "$(SHARED_LIBS)" ]; then \
 	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
-	elif [ -z "$(SHARED_LIBS)" ]; then \
-	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	else \
 	  set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
-	fi
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
+	fi; \
+	if [ -z "$$SHARED_LIBS" ]; then \
+	  if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+	    TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
+	  fi; \
 	fi
 	-(cd ..; \
 	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1591,8 +1591,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
+		   )
 			goto err;
 		}
 	else
@@ -1893,8 +1894,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
+		   )
 			goto err;
 		}
 	else
@@ -1929,8 +1931,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
+		   )
 			goto err;
 		}
 	else
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
+#ifdef OPENSSL_FIPS
+	int use_x931 = 0;
+#endif
 	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+#ifdef OPENSSL_FIPS
+		else if (strcmp(*argv,"-x931") == 0)
+			use_x931 = 1;
+#endif
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -233,11 +240,27 @@ bad:

 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+#ifdef OPENSSL_FIPS
+	if (use_x931)
+		{
+		BIGNUM *pubexp;
+		pubexp = BN_new();
+		BN_set_word(pubexp, f4);
+		rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
+		BN_free(pubexp);
+		}
+	else
+#endif
+		rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	app_RAND_write_file(NULL, bio_err);

-	if (rsa == NULL) goto err;
+	if (rsa == NULL)
+		{
+		BIO_printf(bio_err, "Key Generation error\n");
+
+		goto err;
+		}
 	
 	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -650,7 +650,7 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -147,6 +147,7 @@ int MAIN(int argc, char **argv)
 		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
 		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
 		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;
--- a/argena.pem
+++ b/argena.pem
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
+RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
+MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
+QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
+Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
+MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
+IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
+IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
+LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
+tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
+e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
+4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
+W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
+2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
+AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
+HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
+EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
+EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
+aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
+VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
+LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
+CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
+CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
+KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
+aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
+LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
+b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
+d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
+Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
+BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
+Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
+HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
+3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
+msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
+J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
+-----END CERTIFICATE-----
--- a/argeng.pem
+++ b/argeng.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
+ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
+c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
+MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
+VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
+ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
+ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
+XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
+Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
+NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
+xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
+A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
+A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
+dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
+LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
+AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
+AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
+x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
+US0spjsDPQ==
+-----END CERTIFICATE-----
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -31,12 +31,12 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_x931p.c

 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
 	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_x931p.o

 SRC= $(LIBSRC)

--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -231,6 +231,8 @@ extern "C" {
 #define BN_set_flags(b,n)	((b)->flags|=(n))
 #define BN_get_flags(b,n)	((b)->flags&(n))

+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
 #define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                  (dest)->top=(b)->top, \
                                  (dest)->dmax=(b)->dmax, \
@@ -436,6 +438,19 @@ int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
 	int do_trial_division);

+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+			const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			BIGNUM *Xp1, BIGNUM *Xp2,
+			const BIGNUM *Xp,
+			const BIGNUM *e, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	if (d == 0) return(BN_MASK2);

 	i=BN_num_bits_word(d);
-	assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));

 	i=BN_BITS2-i;
 	if (h >= d) h-=d;
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -0,0 +1,282 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* X9.31 routines for prime derivation */
+
+
+/* X9.31 prime derivation. This is used to generate the primes pi
+ * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
+ * integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg)
+	{
+	int i = 0;
+	if (!BN_copy(pi, Xpi))
+		return 0;
+	if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+		return 0;
+	for(;;)
+		{
+		i++;
+		if (cb)
+			cb(0, i, cb_arg);
+		/* NB 27 MR is specificed in X9.31 */
+		if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
+			break;
+		if (!BN_add_word(pi, 2))
+			return 0;
+		}
+	if (cb)
+		cb(2, i, cb_arg);
+	return 1;
+	}
+
+/* This is the main X9.31 prime derivation function. From parameters
+ * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
+ * not NULL they will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+			const BIGNUM *e, BN_CTX *ctx)
+	{
+	int ret = 0;
+
+	BIGNUM *t, *p1p2, *pm1;
+
+	/* Only even e supported */
+	if (!BN_is_odd(e))
+		return 0;
+
+	BN_CTX_start(ctx);
+	if (!p1)
+		p1 = BN_CTX_get(ctx);
+
+	if (!p2)
+		p2 = BN_CTX_get(ctx);
+
+	t = BN_CTX_get(ctx);
+
+	p1p2 = BN_CTX_get(ctx);
+
+	pm1 = BN_CTX_get(ctx);
+
+	if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
+		goto err;
+
+	if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
+		goto err;
+
+	if (!BN_mul(p1p2, p1, p2, ctx))
+		goto err;
+
+	/* First set p to value of Rp */
+
+	if (!BN_mod_inverse(p, p2, p1, ctx))
+		goto err;
+
+	if (!BN_mul(p, p, p2, ctx))
+		goto err;
+
+	if (!BN_mod_inverse(t, p1, p2, ctx))
+		goto err;
+
+	if (!BN_mul(t, t, p1, ctx))
+		goto err;
+
+	if (!BN_sub(p, p, t))
+		goto err;
+
+	if (p->neg && !BN_add(p, p, p1p2))
+		goto err;
+
+	/* p now equals Rp */
+
+	if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+		goto err;
+
+	if (!BN_add(p, p, Xp))
+		goto err;
+
+	/* p now equals Yp0 */
+
+	for (;;)
+		{
+		int i = 1;
+		if (cb)
+			cb(0, i++, cb_arg);
+		if (!BN_copy(pm1, p))
+			goto err;
+		if (!BN_sub_word(pm1, 1))
+			goto err;
+		if (!BN_gcd(t, pm1, e, ctx))
+			goto err;
+		if (BN_is_one(t)
+		/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
+		 * offering similar or better guarantees 50 MR is considerably 
+		 * better.
+		 */
+			&& BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
+			break;
+		if (!BN_add(p, p, p1p2))
+			goto err;
+		}
+
+	if (cb)
+		cb(3, 0, cb_arg);
+
+	ret = 1;
+
+	err:
+
+	BN_CTX_end(ctx);
+
+	return ret;
+	}
+
+/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
+ * Note: nbits paramter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+	{
+	BIGNUM *t;
+	int i;
+	/* Number of bits for each prime is of the form
+	 * 512+128s for s = 0, 1, ...
+	 */
+	if ((nbits < 1024) || (nbits & 0xff))
+		return 0;
+	nbits >>= 1;
+	/* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
+	 * 2^nbits - 1. By setting the top two bits we ensure that the lower
+	 * bound is exceeded.
+	 */
+	if (!BN_rand(Xp, nbits, 1, 0))
+		return 0;
+
+	BN_CTX_start(ctx);
+	t = BN_CTX_get(ctx);
+
+	for (i = 0; i < 1000; i++)
+		{
+		if (!BN_rand(Xq, nbits, 1, 0))
+			return 0;
+		/* Check that |Xp - Xq| > 2^(nbits - 100) */
+		BN_sub(t, Xp, Xq);
+		if (BN_num_bits(t) > (nbits - 100))
+			break;
+		}
+
+	BN_CTX_end(ctx);
+
+	if (i < 1000)
+		return 1;
+
+	return 0;
+
+	}
+
+/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
+ * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
+ * the relevant parameter will be stored in it.
+ *
+ * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
+ * are generated using the previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			BIGNUM *Xp1, BIGNUM *Xp2,
+			const BIGNUM *Xp,
+			const BIGNUM *e, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg)
+	{
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	if (!Xp1)
+		Xp1 = BN_CTX_get(ctx);
+	if (!Xp2)
+		Xp2 = BN_CTX_get(ctx);
+
+	if (!BN_rand(Xp1, 101, 0, 0))
+		goto error;
+	if (!BN_rand(Xp2, 101, 0, 0))
+		goto error;
+	if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
+						Xp, Xp1, Xp2, e, ctx))
+		goto error;
+
+	ret = 1;
+
+	error:
+	BN_CTX_end(ctx);
+
+	return ret;
+
+	}
+
+#endif
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -53,7 +53,9 @@ static COMP_METHOD zlib_method={
 # include <windows.h>

 # define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
+# ifndef ZLIB_SHARED
+#  define ZLIB_SHARED
+# endif
 #else
 # define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
 	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
 	"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-	"bn_recp,bn_mont,bn_mpi,bn_exp2"
+	"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
 	"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-	"rsa_asn1"
+	"rsa_pss,rsa_x931,rsa_asn1"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
 	"ec_err"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -960,7 +960,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)

 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)

 		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
+	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
 	int ret=0;

 	if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}

 	BN_init(&k);
+	BN_init(&kq);

 	if (ctx_in == NULL)
 		{
@@ -191,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		ctx=ctx_in;

 	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;

 	/* Get random k */
 	do
@@ -211,7 +211,30 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}

 	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		if (!BN_copy(&kq, &k)) goto err;
+
+		/* We do not want timing information to leak the length of k,
+		 * so we compute g^k using an equivalent exponent of fixed length.
+		 *
+		 * (This is a kludge that we need because the BN_mod_exp_mont()
+		 * does not let us specify the desired timing behaviour.) */
+
+		if (!BN_add(&kq, &kq, dsa->q)) goto err;
+		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+			{
+			if (!BN_add(&kq, &kq, dsa->q)) goto err;
+			}
+
+		K = &kq;
+		}
+	else
+		{
+		K = &k;
+		}
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;

@@ -234,6 +257,7 @@ err:
 	if (ctx_in == NULL) BN_CTX_free(ctx);
 	if (kinv != NULL) BN_clear_free(kinv);
 	BN_clear_free(&k);
+	BN_clear_free(&kq);
 	return(ret);
 	}

--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
 		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
 		goto err;
 		}
-	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+	ptr = shl_load(filename, BIND_IMMEDIATE |
+		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
 	return(translated);
 	}

+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+	{
+	struct shl_descriptor inf;
+	int i,len;
+
+	if (addr == NULL)
+		{
+		union { void(*f)(); void *p; } t = { dl_ref_point };
+		addr = t.p;
+		}
+
+	for (i=-1;shl_get_r(i,&inf)==0;i++)
+		{
+		if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+		    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+			{
+			len = (int)strlen(inf.filename);
+			if (sz <= 0) return len+1;
+			if (len >= sz) len=sz-1;
+			memcpy(path,inf.filename,len);
+			path[len++] = 0;
+			return len;
+			}
+		}
+
+	return -1;
+	}
+#endif
+
 #endif /* DSO_DL */
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -56,6 +56,10 @@
 *
 */

+#ifdef __linux
+#define _GNU_SOURCE
+#endif
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
@@ -228,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 	{
 	void *ptr;
-	DSO_FUNC_TYPE sym;
+	DSO_FUNC_TYPE sym, *tsym = &sym;

 	if((dso == NULL) || (symname == NULL))
 		{
@@ -246,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	*(void**)(&sym) = dlsym(ptr, symname);
+	*(void**)(tsym) = dlsym(ptr, symname);
 	if(sym == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -290,4 +294,32 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
 	return(translated);
 	}

+#ifdef OPENSSL_FIPS
+static void dlfcn_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+	{
+	Dl_info dli;
+	int len;
+
+	if (addr == NULL)
+		{
+		union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
+		addr = t.p;
+		}
+
+	if (dladdr(addr,&dli))
+		{
+		len = (int)strlen(dli.dli_fname);
+		if (sz <= 0) return len+1;
+		if (len >= sz) len=sz-1;
+		memcpy(path,dli.dli_fname,len);
+		path[len++]=0;
+		return len;
+		}
+
+	ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+	return -1;
+	}
+#endif
 #endif /* DSO_DLFCN */
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
 	}
 #else

+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+	{
+	WCHAR lpProcNameW[64];
+	int i;
+
+	for (i=0;lpProcName[i] && i<64;i++)
+		lpProcNameW[i] = (WCHAR)lpProcName[i];
+	if (i==64) return NULL;
+	lpProcNameW[i] = 0;
+
+	return GetProcAddressW(hModule,lpProcNameW);
+	}
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+#endif
+
 /* Part of the hack in "win32_load" ... */
 #define DSO_MAX_TRANSLATED_SIZE 256

@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
 		DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
 		goto err;
 		}
-	h = LoadLibrary(filename);
+	h = LoadLibraryA(filename);
 	if(h == NULL)
 		{
 		DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
--- a/crypto/engine/hw_aep.c
+++ b/crypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)

 	if(aep_dso)
 		DSO_free(aep_dso);
+	aep_dso = NULL;
 		
 	p_AEP_OpenConnection    = NULL;
 	p_AEP_ModExp            = NULL;
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
 err:
 	if(atalla_dso)
 		DSO_free(atalla_dso);
+	atalla_dso = NULL;
 	p_Atalla_GetHardwareConfig = NULL;
 	p_Atalla_RSAPrivateKeyOpFn = NULL;
 	p_Atalla_GetPerformanceStatistics = NULL;
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);

 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
 	return 1;
 err:
 	if(cswift_dso)
+	{
 		DSO_free(cswift_dso);
+		cswift_dso = NULL;
+	}
 	p_CSwift_AcquireAccContext = NULL;
 	p_CSwift_AttachKeyParam = NULL;
 	p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
 	return to_return;
 	}

+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+	int mod;
+	int numbytes = BN_num_bytes(in);
+
+	mod = 0;
+	while( ((out->nbytes = (numbytes+mod)) % 32) )
+	{
+		mod++;
+	}
+	out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+	if(!out->value)
+	{
+		return 0;
+	}
+	BN_bn2bin(in, &out->value[mod]);
+	if(mod)
+		memset(out->value, 0, mod);
+
+	return 1;
+}
+
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	SW_LARGENUMBER arg, res;
 	SW_PARAM sw_param;
 	SW_CONTEXT_HANDLE hac;
-	BIGNUM *rsa_p = NULL;
-	BIGNUM *rsa_q = NULL;
-	BIGNUM *rsa_dmp1 = NULL;
-	BIGNUM *rsa_dmq1 = NULL;
-	BIGNUM *rsa_iqmp = NULL;
-	BIGNUM *argument = NULL;
 	BIGNUM *result = NULL;
+	BIGNUM *argument = NULL;
 	int to_return = 0; /* expect failure */
 	int acquired = 0;
+
+	sw_param.up.crt.p.value = NULL;
+	sw_param.up.crt.q.value = NULL;
+	sw_param.up.crt.dmp1.value = NULL;
+	sw_param.up.crt.dmq1.value = NULL;
+	sw_param.up.crt.iqmp.value = NULL;
 
 	if(!get_context(&hac))
 		{
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		goto err;
 		}
 	acquired = 1;
+
 	/* Prepare the params */
-	BN_CTX_start(ctx);
-	rsa_p = BN_CTX_get(ctx);
-	rsa_q = BN_CTX_get(ctx);
-	rsa_dmp1 = BN_CTX_get(ctx);
-	rsa_dmq1 = BN_CTX_get(ctx);
-	rsa_iqmp = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!result)
+	argument = BN_new();
+	result = BN_new();
+	if(!result || !argument)
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
 		goto err;
 		}
-	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
-			!bn_wexpand(rsa_dmp1, dmp1->top) ||
-			!bn_wexpand(rsa_dmq1, dmq1->top) ||
-			!bn_wexpand(rsa_iqmp, iqmp->top) ||
-			!bn_wexpand(argument, a->top) ||
+
+
+	sw_param.type = SW_ALG_CRT;
+	/************************************************************************/
+	/* 04/02/2003                                                           */
+	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+	/* limitation of cswift with values not a multiple of 32                */
+	/************************************************************************/
+	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(	!bn_wexpand(argument, a->top) ||
 			!bn_wexpand(result, p->top + q->top))
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 		}
-	sw_param.type = SW_ALG_CRT;
-	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
-	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
-	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
-	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
-	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
-		(unsigned char *)rsa_dmp1->d);
-	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
-	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
-		(unsigned char *)rsa_dmq1->d);
-	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
-	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
-		(unsigned char *)rsa_iqmp->d);
-	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
 	to_return = 1;
 err:
+	if(sw_param.up.crt.p.value)
+		OPENSSL_free(sw_param.up.crt.p.value);
+	if(sw_param.up.crt.q.value)
+		OPENSSL_free(sw_param.up.crt.q.value);
+	if(sw_param.up.crt.dmp1.value)
+		OPENSSL_free(sw_param.up.crt.dmp1.value);
+	if(sw_param.up.crt.dmq1.value)
+		OPENSSL_free(sw_param.up.crt.dmq1.value);
+	if(sw_param.up.crt.iqmp.value)
+		OPENSSL_free(sw_param.up.crt.iqmp.value);
+	if(result)
+		BN_free(result);
+	if(argument)
+		BN_free(argument);
 	if(acquired)
 		release_context(hac);
-	BN_CTX_end(ctx);
 	return to_return;
 	}
 
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	BN_CTX *ctx;
 	int to_return = 0;
+	const RSA_METHOD * def_rsa_method;
+
+	/* Try the limits of RSA (2048 bits) */
+	if(BN_num_bytes(rsa->p) > 128 ||
+		BN_num_bytes(rsa->q) > 128 ||
+		BN_num_bytes(rsa->dmp1) > 128 ||
+		BN_num_bytes(rsa->dmq1) > 128 ||
+		BN_num_bytes(rsa->iqmp) > 128)
+	{
+#ifdef RSA_NULL
+		def_rsa_method=RSA_null_method();
+#else
+#if 0
+		def_rsa_method=RSA_PKCS1_RSAref();
+#else
+		def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+		if(def_rsa_method)
+			return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+	}

 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
@@ -686,6 +759,26 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
+	const RSA_METHOD * def_rsa_method;
+
+	/* Try the limits of RSA (2048 bits) */
+	if(BN_num_bytes(r) > 256 ||
+		BN_num_bytes(a) > 256 ||
+		BN_num_bytes(m) > 256)
+	{
+#ifdef RSA_NULL
+		def_rsa_method=RSA_null_method();
+#else
+#if 0
+		def_rsa_method=RSA_PKCS1_RSAref();
+#else
+		def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+		if(def_rsa_method)
+			return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+	}
+
 	return cswift_mod_exp(r, a, p, m, ctx);
 	}

@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	SW_CONTEXT_HANDLE hac;
 	SW_STATUS swrc;
 	SW_LARGENUMBER largenum;
-	size_t nbytes = 0;
 	int acquired = 0;
 	int to_return = 0; /* assume failure */
+	unsigned char buf32[1024];
+

 	if (!get_context(&hac))
 	{
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	}
 	acquired = 1;

-	while (nbytes < (size_t)num)
+	/************************************************************************/
+	/* 04/02/2003                                                           */
+	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+	/* limitation of cswift with values not a multiple of 32                */
+	/************************************************************************/
+
+	while(num >= sizeof(buf32))
 	{
+		largenum.value = buf;
+		largenum.nbytes = sizeof(buf32);
 		/* tell CryptoSwift how many bytes we want and where we want it.
 		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
 		 *       - CryptoSwift can only do multiple of 32-bits. */
-		largenum.value = (SW_BYTE *) buf + nbytes;
-		if (4096 > num - nbytes)
-			largenum.nbytes = num - nbytes;
-		else
-			largenum.nbytes = 4096;
-
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
 			goto err;
 		}
-
-		nbytes += largenum.nbytes;
+		buf += sizeof(buf32);
+		num -= sizeof(buf32);
+	}
+	if(num)
+	{
+		largenum.nbytes = sizeof(buf32);
+		largenum.value = buf32;
+		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+		if (swrc != SW_OK)
+		{
+			char tmpbuf[20];
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+			sprintf(tmpbuf, "%ld", swrc);
+			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+			goto err;
+		}
+		memcpy(buf, largenum.value, num);
 	}
-	to_return = 1;  /* success */

+	to_return = 1;  /* success */
 err:
 	if (acquired)
 		release_context(hac);
+
 	return to_return;
 }

--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
 err:
 	if(ubsec_dso)
 		DSO_free(ubsec_dso);
+	ubsec_dso = NULL;
 	p_UBSEC_ubsec_bytes_to_bits = NULL;
 	p_UBSEC_ubsec_bits_to_bytes = NULL;
 	p_UBSEC_ubsec_open = NULL;
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			/* There will never be more than two '=' */
 			}

-		if ((v == B64_EOF) || (n >= 64))
+		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
 			{
 			/* This is needed to work correctly on 64 byte input
 			 * lines.  We process the line and then need to
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -63,11 +63,11 @@
 */

 #define NUM_NID 676
-#define NUM_SN 668
-#define NUM_LN 668
-#define NUM_OBJ 632
+#define NUM_SN 669
+#define NUM_LN 669
+#define NUM_OBJ 633

-static unsigned char lvalues[4572]={
+static unsigned char lvalues[4575]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -691,15 +691,16 @@ static unsigned char lvalues[4572]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4467] OBJ_proxyCertInfo */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4475] OBJ_id_ppl_anyLanguage */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4483] OBJ_id_ppl_inheritAll */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4491] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4499] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4508] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4517] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4526] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4535] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4544] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4553] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4562] OBJ_sha224 */
+0x55,0x1D,0x1E,                              /* [4491] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4494] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4502] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4511] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4520] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4529] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4538] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4547] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4556] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4565] OBJ_sha224 */
 };

 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1762,20 +1763,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[4475]),0},
 {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
 	&(lvalues[4483]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
+{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
+	&(lvalues[4491]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4494]),0},
 {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-	&(lvalues[4499]),0},
+	&(lvalues[4502]),0},
 {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-	&(lvalues[4508]),0},
+	&(lvalues[4511]),0},
 {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-	&(lvalues[4517]),0},
+	&(lvalues[4520]),0},
 {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-	&(lvalues[4526]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4535]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4544]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4553]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4562]),0},
+	&(lvalues[4529]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4538]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4547]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4556]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4565]),0},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2210,6 +2212,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[649]),/* "msUPN" */
 &(nid_objs[481]),/* "nSRecord" */
 &(nid_objs[173]),/* "name" */
+&(nid_objs[666]),/* "nameConstraints" */
 &(nid_objs[369]),/* "noCheck" */
 &(nid_objs[403]),/* "noRevAvail" */
 &(nid_objs[72]),/* "nsBaseUrl" */
@@ -2545,6 +2548,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[666]),/* "X509v3 Name Constraints" */
 &(nid_objs[403]),/* "X509v3 No Revocation Available" */
 &(nid_objs[401]),/* "X509v3 Policy Constraints" */
 &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
@@ -3169,6 +3173,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
 &(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
 &(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
+&(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -1799,6 +1799,11 @@
 #define NID_delta_crl		140
 #define OBJ_delta_crl		OBJ_id_ce,27L

+#define SN_name_constraints		"nameConstraints"
+#define LN_name_constraints		"X509v3 Name Constraints"
+#define NID_name_constraints		666
+#define OBJ_name_constraints		OBJ_id_ce,30L
+
 #define SN_crl_distribution_points		"crlDistributionPoints"
 #define LN_crl_distribution_points		"X509v3 CRL Distribution Points"
 #define NID_crl_distribution_points		103
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -663,7 +663,7 @@ id_ppl		662
 proxyCertInfo		663
 id_ppl_anyLanguage		664
 id_ppl_inheritAll		665
-id_ppl_independent		666
+name_constraints		666
 Independent		667
 sha256WithRSAEncryption		668
 sha384WithRSAEncryption		669
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -589,6 +589,8 @@ id-ce 21		: CRLReason		: X509v3 CRL Reason Code
 id-ce 24		: invalidityDate	: Invalidity Date
 !Cname delta-crl
 id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
+!Cname name-constraints
+id-ce 30		: nameConstraints	: X509v3 Name Constraints
 !Cname crl-distribution-points
 id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
 !Cname certificate-policies
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)

 const RAND_METHOD *RAND_get_rand_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode()
-		&& default_RAND_meth != FIPS_rand_check())
-	    {
-	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
-#endif
-
-
 	if (!default_RAND_meth)
 		{
 #ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
 			funct_ref = e;
 		else
 #endif
-			default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+			if(FIPS_mode())
+				default_RAND_meth=FIPS_rand_method();
+			else
+#endif
+				default_RAND_meth = RAND_SSLeay();
 		}
+
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode()
+		&& default_RAND_meth != FIPS_rand_check())
+	    {
+	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+	    return 0;
+	    }
+#endif
 	return default_RAND_meth;
 	}

--- a/crypto/rc4/Makefile
+++ b/crypto/rc4/Makefile
@@ -69,7 +69,11 @@ asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
 asm/rc4-x86_64.s: asm/rc4-x86_64.pl;	$(PERL) asm/rc4-x86_64.pl $@

 asm/rc4-ia64.s: asm/rc4-ia64.S
-	$(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
+	@case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
+	int)	set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+	char)	set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+	*)	exit 1 ;; \
+	esac

 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- a/crypto/rc4/asm/rc4-ia64.S
+++ b/crypto/rc4/asm/rc4-ia64.S
@@ -7,7 +7,7 @@
 // disclaimed.
 // ====================================================================

-.ident  "rc4-ia64.S, Version 1.1"
+.ident  "rc4-ia64.S, Version 2.0"
 .ident  "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"

 // What's wrong with compiler generated code? Because of the nature of
@@ -27,17 +27,10 @@
 // Legitimate "collisions" do occur within every 256^2 bytes window.
 // Fortunately there're enough free instruction slots to keep prior
 // reference to key[x+1], detect "collision" and compensate for it.
-// All this without sacrificing a single clock cycle:-)
-// Furthermore. In order to compress loop body to the minimum, I chose
-// to deploy deposit instruction, which substitutes for the whole
-// key->data+((x&255)<<log2(sizeof(key->data[0]))). This unfortunately
-// requires key->data to be aligned at sizeof(key->data) boundary.
-// This is why you'll find "RC4_INT pad[512-256-2];" addenum to RC4_KEY
-// and "d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));" in
-// rc4_skey.c [and rc4_enc.c, where it's retained for debugging
-// purposes]. Throughput is ~210MBps on 900MHz CPU, which is is >3x
-// faster than gcc generated code and +30% - if compared to HP-UX C.
-// Unrolling loop below should give >30% on top of that...
+// All this without sacrificing a single clock cycle:-) Throughput is
+// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated
+// code and +30% - if compared to HP-UX C. Unrolling loop below should
+// give >30% on top of that...

 .text
 .explicit
@@ -48,7 +41,9 @@
 # define ADDP	add
 #endif

+#ifndef SZ
 #define SZ	4	// this is set to sizeof(RC4_INT)
+#endif
 // SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
 // assembler implementation, while SZ==1 code is ~30% slower.
 #if SZ==1	// RC4_INT is unsigned char
@@ -101,45 +96,53 @@ RC4:
 	ADDP	out=0,in3
 	brp.loop.imp	.Ltop,.Lexit-16	};;
 { .mmi;	LDKEY	yy=[key]			// load key->y
-	add	ksch=(255+1)*SZ,key		// as ksch will be used with
-						// deposit instruction only,
-						// I don't have to &~255...
+	add	ksch=SZ,key
 	mov	ar.lc=in1		}
 { .mmi;	mov	key_y[1]=r0			// guarantee inequality
 						// in first iteration
 	add	xx=1,xx
 	mov	pr.rot=1<<16		};;
 { .mii;	nop.m	0
-	dep	key_x[1]=xx,ksch,OFF,8
+	dep	key_x[1]=xx,r0,OFF,8
 	mov	ar.ec=3			};;	// note that epilogue counter
 						// is off by 1. I compensate
 						// for this at exit...
 .Ltop:
-// The loop is scheduled for 3*(n+2) spin-rate on Itanium 2, which
+// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which
 // theoretically gives asymptotic performance of clock frequency
-// divided by 3 bytes per seconds, or 500MBps on 1.5GHz CPU. Measured
-// performance however is distinctly lower than 1/4:-( The culplrit
-// seems to be *(out++)=dat, which inadvertently splits the bundle,
-// even though there is M-port available... Unrolling is due...
-// Unrolled loop should collect output with variable shift instruction
-// in order to avoid starvation for integer shifter... It should be
-// possible to get pretty close to theoretical peak...
-{ .mmi;	(p16)	LDKEY	tx[0]=[key_x[1]]		// tx=key[xx]
-	(p17)	LDKEY	ty[0]=[key_y[1]]		// ty=key[yy]	
-	(p18)	dep	rnd[1]=rnd[1],ksch,OFF,8}	// &key[(tx+ty)&255]
+// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is
+// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently
+// splits the last bundle and you end up with 5*n spin-rate:-(
+// Originally the loop was scheduled for 3*n and relied on key
+// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But
+// *(out++)=dat, which maps to st1, had same effect [inadvertent
+// bundle split] and holded the loop back. Rescheduling for 4*n
+// made it possible to eliminate dependence on specific alignment
+// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would
+// require unrolling, sticking to variable shift instruction for
+// collecting output [to avoid starvation for integer shifter] and
+// copying of key schedule to controlled place in stack [so that
+// deposit instruction can serve as substitute for whole
+// key->data+((x&255)<<log2(sizeof(key->data[0])))]...
 { .mmi;	(p19)	st1	[out]=dat[3],1			// *(out++)=dat
 	(p16)	add	xx=1,xx				// x++
-	(p16)	cmp.ne.unc p20,p21=key_x[1],key_y[1]	};;
+	(p18)	dep	rnd[1]=rnd[1],r0,OFF,8	}	// ((tx+ty)&255)<<OFF
+{ .mmi;	(p16)	add	key_x[1]=ksch,key_x[1]		// &key[xx&255]
+	(p17)	add	key_y[1]=ksch,key_y[1]	};;	// &key[yy&255]	
+{ .mmi;	(p16)	LDKEY	tx[0]=[key_x[1]]		// tx=key[xx]
+	(p17)	LDKEY	ty[0]=[key_y[1]]		// ty=key[yy]	
+	(p16)	dep	key_x[0]=xx,r0,OFF,8	}	// (xx&255)<<OFF
+{ .mmi;	(p18)	add	rnd[1]=ksch,rnd[1]		// &key[(tx+ty)&255]
+	(p16)	cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
 { .mmi;	(p18)	LDKEY	rnd[1]=[rnd[1]]			// rnd=key[(tx+ty)&255]
-	(p16)	ld1	dat[0]=[inp],1			// dat=*(inp++)
-	(p16)	dep	key_x[0]=xx,ksch,OFF,8	}	// &key[xx&255]
+	(p16)	ld1	dat[0]=[inp],1		}	// dat=*(inp++)
 .pred.rel	"mutex",p20,p21
 { .mmi;	(p21)	add	yy=yy,tx[1]			// (p16)
 	(p20)	add	yy=yy,tx[0]			// (p16) y+=tx
 	(p21)	mov	tx[0]=tx[1]		};;	// (p16)
 { .mmi;	(p17)	STKEY	[key_y[1]]=tx[1]		// key[yy]=tx
 	(p17)	STKEY	[key_x[2]]=ty[0]		// key[xx]=ty
-	(p16)	dep	key_y[0]=yy,ksch,OFF,8	}	// &key[yy&255]
+	(p16)	dep	key_y[0]=yy,r0,OFF,8	}	// &key[yy&255]
 { .mmb;	(p17)	add	rnd[0]=tx[1],ty[0]		// tx+=ty
 	(p18)	xor	dat[2]=dat[2],rnd[1]		// dat^=rnd
 	br.ctop.sptk	.Ltop			};;
--- a/crypto/rc4/rc4.h
+++ b/crypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
 	{
 	RC4_INT x,y;
 	RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
-	RC4_INT pad[512-256-2];
-#endif
 	} RC4_KEY;

 
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
        x=key->x;     
        y=key->y;     
        d=key->data; 
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
-	d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif

 #if defined(RC4_CHUNK)
 	/*
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -95,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
        unsigned int i;
        
        d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
-	d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif

 	for (i=0; i<256; i++)
 		d[i]=i;
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
 	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-	rsa_asn1.c
+	rsa_pss.c rsa_x931.c rsa_asn1.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
 	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-	rsa_asn1.o
+	rsa_pss.o rsa_x931.o rsa_asn1.o

 SRC= $(LIBSRC)

@@ -184,6 +184,26 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_pss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_pss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_pss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_pss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_pss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_pss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_pss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_pss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_pss.o: ../../include/openssl/ui_compat.h ../cryptlib.h rsa_pss.c
 rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
 rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -237,3 +257,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -191,6 +191,7 @@ struct rsa_st
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
+#define RSA_X931_PADDING	5

 #define RSA_PKCS1_PADDING_SIZE	11

@@ -203,6 +204,15 @@ int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
 int	RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+	     void (*cb)(int,int,void *), void *cb_arg);
+#endif
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
@@ -275,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
 	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,
 	const unsigned char *p,int pl);
@@ -289,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
 	const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+	const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+	const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+			const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+			const unsigned char *mHash,
+			const EVP_MD *Hash, int sLen);

 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -318,20 +341,24 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_NULL					 124
 #define RSA_F_RSA_PADDING_ADD_NONE			 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
 #define RSA_F_RSA_PADDING_ADD_SSLV23			 110
+#define RSA_F_RSA_PADDING_ADD_X931			 127
 #define RSA_F_RSA_PADDING_CHECK_NONE			 111
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
 #define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
+#define RSA_F_RSA_PADDING_CHECK_X931			 128
 #define RSA_F_RSA_PRINT					 115
 #define RSA_F_RSA_PRINT_FP				 116
 #define RSA_F_RSA_SIGN					 117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
 #define RSA_F_RSA_VERIFY				 119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126

 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH			 100
@@ -351,12 +378,18 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_FIRST_OCTET_INVALID			 133
+#define RSA_R_INVALID_HEADER				 137
 #define RSA_R_INVALID_MESSAGE_LENGTH			 131
+#define RSA_R_INVALID_PADDING				 138
+#define RSA_R_INVALID_TRAILER				 139
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
+#define RSA_R_LAST_OCTET_INVALID			 134
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
+#define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
@@ -366,6 +399,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
+#define RSA_R_SLEN_CHECK_FAILED				 136

 #ifdef  __cplusplus
 }
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -285,7 +285,7 @@ err:
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM f,ret;
+	BIGNUM f,ret, *res;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}
@@ -388,10 +389,21 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	if (blinding)
 		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;

+	if (padding == RSA_X931_PADDING)
+		{
+		BN_sub(&f, rsa->n, &ret);
+		if (BN_cmp(&ret, &f))
+			res = &f;
+		else
+			res = &ret;
+		}
+	else
+		res = &ret;
+
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
-	j=BN_num_bytes(&ret);
-	i=BN_bn2bin(&ret,&(to[num-j]));
+	j=BN_num_bytes(res);
+	i=BN_bn2bin(res,&(to[num-j]));
 	for (k=0; k<(num-i); k++)
 		to[k]=0;

@@ -605,6 +617,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;

+	if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+		BN_sub(&ret, rsa->n, &ret);
+
 	p=buf;
 	i=BN_bn2bin(&ret,p);

--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -81,20 +81,24 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),	"RSA_padding_add_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),	"RSA_padding_add_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),	"RSA_padding_add_PKCS1_PSS"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),	"RSA_padding_add_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),	"RSA_padding_add_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),	"RSA_padding_add_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),	"RSA_padding_add_X931"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),	"RSA_padding_check_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),	"RSA_padding_check_PKCS1_OAEP"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),	"RSA_padding_check_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),	"RSA_padding_check_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),	"RSA_padding_check_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),	"RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),	"RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},
 {ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
 {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),	"RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),	"RSA_verify_PKCS1_PSS"},
 {0,NULL}
 	};

@@ -117,12 +121,18 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
+{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@@ -132,6 +142,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
 {0,NULL}
 	};

--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>

-int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen);
-
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	const unsigned char *from, int flen,
 	const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	   20);
 #endif

-	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+								EVP_sha1());
 	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
 		db[i] ^= dbmask[i];

-	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+								EVP_sha1());
 	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
 		seed[i] ^= seedmask[i];

@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 		return -1;
 		}

-	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+	PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
 	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
 		seed[i] ^= from[i - lzero];
  
-	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];

@@ -170,28 +169,30 @@ decoding_err:
 	return -1;
 	}

-int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen, const EVP_MD *dgst)
 	{
 	long i, outlen = 0;
 	unsigned char cnt[4];
 	EVP_MD_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
+	unsigned char md[EVP_MAX_MD_SIZE];
+	int mdlen;

 	EVP_MD_CTX_init(&c);
+	mdlen = EVP_MD_size(dgst);
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+		EVP_DigestInit_ex(&c,dgst, NULL);
 		EVP_DigestUpdate(&c, seed, seedlen);
 		EVP_DigestUpdate(&c, cnt, 4);
-		if (outlen + SHA_DIGEST_LENGTH <= len)
+		if (outlen + mdlen <= len)
 			{
 			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-			outlen += SHA_DIGEST_LENGTH;
+			outlen += mdlen;
 			}
 		else
 			{
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
 	EVP_MD_CTX_cleanup(&c);
 	return 0;
 	}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+	{
+	return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+	}
 #endif
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -0,0 +1,261 @@
+/* rsa_pss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+			const EVP_MD *Hash, const unsigned char *EM, int sLen)
+	{
+	int i;
+	int ret = 0;
+	int hLen, maskedDBLen, MSBits, emLen;
+	const unsigned char *H;
+	unsigned char *DB = NULL;
+	EVP_MD_CTX ctx;
+	unsigned char H_[EVP_MAX_MD_SIZE];
+
+	hLen = EVP_MD_size(Hash);
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is autorecovered from signature
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (EM[0] & (0xFF << MSBits))
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+		goto err;
+		}
+	if (MSBits == 0)
+		{
+		EM++;
+		emLen--;
+		}
+	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+		goto err;
+		}
+	if (EM[emLen - 1] != 0xbc)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+		goto err;
+		}
+	maskedDBLen = emLen - hLen - 1;
+	H = EM + maskedDBLen;
+	DB = OPENSSL_malloc(maskedDBLen);
+	if (!DB)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+	for (i = 0; i < maskedDBLen; i++)
+		DB[i] ^= EM[i];
+	if (MSBits)
+		DB[0] &= 0xFF >> (8 - MSBits);
+	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
+	if (DB[i++] != 0x1)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+		goto err;
+		}
+	if (sLen >= 0 && (maskedDBLen - i) != sLen)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, Hash, NULL);
+	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+	EVP_DigestUpdate(&ctx, mHash, hLen);
+	if (maskedDBLen - i)
+		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
+	EVP_DigestFinal(&ctx, H_, NULL);
+	EVP_MD_CTX_cleanup(&ctx);
+	if (memcmp(H_, H, hLen))
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+		ret = 0;
+		}
+	else 
+		ret = 1;
+
+	err:
+	if (DB)
+		OPENSSL_free(DB);
+
+	return ret;
+
+	}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+			const unsigned char *mHash,
+			const EVP_MD *Hash, int sLen)
+	{
+	int i;
+	int ret = 0;
+	int hLen, maskedDBLen, MSBits, emLen;
+	unsigned char *H, *salt = NULL, *p;
+	EVP_MD_CTX ctx;
+
+	hLen = EVP_MD_size(Hash);
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is maximized
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (MSBits == 0)
+		{
+		*EM++ = 0;
+		emLen--;
+		}
+	if (sLen == -2)
+		{
+		sLen = emLen - hLen - 2;
+		}
+	else if (emLen < (hLen + sLen + 2))
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		goto err;
+		}
+	if (sLen > 0)
+		{
+		salt = OPENSSL_malloc(sLen);
+		if (!salt)
+			{
+			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+		   		ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if (!RAND_bytes(salt, sLen))
+			goto err;
+		}
+	maskedDBLen = emLen - hLen - 1;
+	H = EM + maskedDBLen;
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, Hash, NULL);
+	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+	EVP_DigestUpdate(&ctx, mHash, hLen);
+	if (sLen)
+		EVP_DigestUpdate(&ctx, salt, sLen);
+	EVP_DigestFinal(&ctx, H, NULL);
+	EVP_MD_CTX_cleanup(&ctx);
+
+	/* Generate dbMask in place then perform XOR on it */
+	PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+
+	p = EM;
+
+	/* Initial PS XORs with all zeroes which is a NOP so just update
+	 * pointer. Note from a test above this value is guaranteed to
+	 * be non-negative.
+	 */
+	p += emLen - sLen - hLen - 2;
+	*p++ ^= 0x1;
+	if (sLen > 0)
+		{
+		for (i = 0; i < sLen; i++)
+			*p++ ^= salt[i];
+		}
+	if (MSBits)
+		EM[0] &= 0xFF >> (8 - MSBits);
+
+	/* H is already in place so just set final 0xbc */
+
+	EM[emLen - 1] = 0xbc;
+
+	ret = 1;
+
+	err:
+	if (salt)
+		OPENSSL_free(salt);
+
+	return ret;
+
+	}
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@@ -0,0 +1,177 @@
+/* rsa_x931.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen)
+	{
+	int j;
+	unsigned char *p;
+
+	/* Absolute minimum amount of padding is 1 header nibble, 1 padding
+	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+	 */
+
+	j = tlen - flen - 2;
+
+	if (j < 0)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		return -1;
+		}
+	
+	p=(unsigned char *)to;
+
+	/* If no padding start and end nibbles are in one byte */
+	if (j == 0)
+		*p++ = 0x6A;
+	else
+		{
+		*p++ = 0x6B;
+		if (j > 1)
+			{
+			memset(p, 0xBB, j - 1);
+			p += j - 1;
+			}
+		*p++ = 0xBA;
+		}
+	memcpy(p,from,(unsigned int)flen);
+	p += flen;
+	*p = 0xCC;
+	return(1);
+	}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen, int num)
+	{
+	int i,j;
+	const unsigned char *p;
+
+	p=from;
+	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
+		return -1;
+		}
+
+	if (*p++ == 0x6B)
+		{
+		j=flen-3;
+		for (i = 0; i < j; i++)
+			{
+			unsigned char c = *p++;
+			if (c == 0xBA)
+				break;
+			if (c != 0xBB)
+				{
+				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
+					RSA_R_INVALID_PADDING);
+				return -1;
+				}
+			}
+
+		j -= i;
+
+		if (i == 0)
+			{
+			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+			return -1;
+			}
+
+		}
+	else j = flen - 2;
+
+	if (p[j] != 0xCC)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+		return -1;
+		}
+
+	memcpy(to,p,(unsigned int)j);
+
+	return(j);
+	}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+	{
+	switch (nid)
+		{
+		case NID_sha1:
+		return 0x33;
+
+		case NID_sha256:
+		return 0x34;
+
+		case NID_sha384:
+		return 0x36;
+
+		case NID_sha512:
+		return 0x35;
+
+		}
+	return -1;
+	}
+
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -122,19 +122,19 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 		{
 	case X509_L_ADD_DIR:
 		if (argl == X509_FILETYPE_DEFAULT)
+			dir=(char *)Getenv(X509_get_default_cert_dir_env());
+			if (dir)
+			ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+			else
 			{
 			ret=add_cert_dir(ld,X509_get_default_cert_dir(),
 				X509_FILETYPE_PEM);
+			}
 			if (!ret)
 				{
 				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
 				}
-			else
-				{
-				dir=(char *)Getenv(X509_get_default_cert_dir_env());
-				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
-				}
-			}
+
 		else
 			ret=add_cert_dir(ld,argp,(int)argl);
 		break;
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 		offset=0;
 	else
 		{
-		if ((*str != '+') && (str[5] != '-'))
+		if ((*str != '+') && (*str != '-'))
 			return 0;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -211,9 +211,9 @@ Blowfish and RC5 algorithms use a 128 bit key.

 rc2-cbc            128 bit RC2 in CBC mode
 rc2                Alias for rc2-cbc
- rc2-cfb            128 bit RC2 in CBC mode
- rc2-ecb            128 bit RC2 in CBC mode
- rc2-ofb            128 bit RC2 in CBC mode
+ rc2-cfb            128 bit RC2 in CFB mode
+ rc2-ecb            128 bit RC2 in ECB mode
+ rc2-ofb            128 bit RC2 in OFB mode
 rc2-64-cbc         64 bit RC2 in CBC mode
 rc2-40-cbc         40 bit RC2 in CBC mode

@@ -223,9 +223,9 @@ Blowfish and RC5 algorithms use a 128 bit key.

 rc5-cbc            RC5 cipher in CBC mode
 rc5                Alias for rc5-cbc
- rc5-cfb            RC5 cipher in CBC mode
- rc5-ecb            RC5 cipher in CBC mode
- rc5-ofb            RC5 cipher in CBC mode
+ rc5-cfb            RC5 cipher in CFB mode
+ rc5-ecb            RC5 cipher in ECB mode
+ rc5-ofb            RC5 cipher in OFB mode

 =head1 EXAMPLES

--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -35,7 +35,7 @@ calls OPENSSL_add_all_algorithms() by compiling an application with the
 preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
 can be added without source changes.

-The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+The environment variable B<OPENSSL_CONF> can be set to specify the location
 of the configuration file.
 
 Currently ASN1 OBJECTs and ENGINE configuration can be performed future
--- a/doc/crypto/threads.pod
+++ b/doc/crypto/threads.pod
@@ -65,9 +65,10 @@ B<CRYPTO_LOCK>, and releases it otherwise.
 B<file> and B<line> are the file number of the function setting the
 lock. They can be useful for debugging.

-id_function(void) is a function that returns a thread ID. It is not
+id_function(void) is a function that returns a thread ID, for example
+pthread_self() if it returns an integer (see NOTES below).  It isn't
 needed on Windows nor on platforms where getpid() returns a different
-ID for each thread (most notably Linux).
+ID for each thread (see NOTES below).

 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@@ -124,13 +125,13 @@ CRYPTO_get_new_dynlockid() returns the index to the newly created lock.

 The other functions return no values.

-=head1 NOTE
+=head1 NOTES

 You can find out if OpenSSL was configured with thread support:

 #define OPENSSL_THREAD_DEFINES
 #include <openssl/opensslconf.h>
- #if defined(THREADS)
+ #if defined(OPENSSL_THREADS)
   // thread support enabled
 #else
   // no thread support
@@ -139,6 +140,22 @@ You can find out if OpenSSL was configured with thread support:
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.

+Defining id_function(void) has it's own issues.  Generally speaking,
+pthread_self() should be used, even on platforms where getpid() gives
+different answers in each thread, since that may depend on the machine
+the program is run on, not the machine where the program is being
+compiled.  For instance, Red Hat 8 Linux and earlier used
+LinuxThreads, whose getpid() returns a different value for each
+thread.  Red Hat 9 Linux and later use NPTL, which is
+Posix-conformant, and has a getpid() that returns the same value for
+all threads in a process.  A program compiled on Red Hat 8 and run on
+Red Hat 9 will therefore see getpid() returning the same value for
+all threads.
+
+There is still the issue of platforms where pthread_self() returns
+something other than an integer.  This is a bit unusual, and this
+manual has no cookbook solution for that case.
+
 =head1 EXAMPLES

 B<crypto/threads/mttest.c> shows examples of the callback functions on
--- a/e_os.h
+++ b/e_os.h
@@ -214,6 +214,8 @@ extern "C" {
 #    define _setmode setmode
 #    define _O_TEXT O_TEXT
 #    define _O_BINARY O_BINARY
+#    undef DEVRANDOM
+#    define DEVRANDOM "/dev/urandom\x24"
 #  endif /* __DJGPP__ */

 #  ifndef S_IFDIR
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -11,21 +11,22 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKEFILE=       Makefile
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+PERL=		perl
 RM=             rm -f
 AR=		ar r

 PEX_LIBS=
 EX_LIBS=

-CFLAGS= $(INCLUDE) $(CFLAG)
+CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"


 LIBS=

-FDIRS=sha1 rand des aes dsa rsa dh hmac
+FDIRS=sha rand des aes dsa rsa dh hmac

 GENERAL=Makefile README fips-lib.com install.com

@@ -39,6 +40,7 @@ SRC= $(LIBSRC)
 EXHEADER=fips.h
 HEADER=$(EXHEADER) fips_err.h
 EXE=openssl_fips_fingerprint
+TEST= fips_test_suite.c

 ALL=    $(GENERAL) $(SRC) $(HEADER)

@@ -76,7 +78,8 @@ files:
 	done;

 links:
-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
 	@for i in $(FDIRS); do \
 	(cd $$i && echo "making links in fips/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -100,22 +103,11 @@ libs:
 	done;

 tests:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making tests in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
-	done;
+	(cd ..; make DIRS=test)

-top_fips_test_suite:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
-
-fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
-
-fips_test: top top_fips_test_suite
-	cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
-	@for i in dsa sha1 aes des hmac rand rsa; \
+fips_test: top tests
+	-cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
+	@for i in dsa sha aes des hmac rand rsa; \
 	do \
 		(cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
 	done;
--- a/fips/aes/Makefile
+++ b/fips/aes/Makefile
@@ -66,18 +66,11 @@ tags:

 tests:

-top_fips_aesavs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
-	find ../testvectors/aes/req -name '*.req' > testlist
+fips_test:
+	-find ../testvectors/aes/req -name '*.req' > testlist
 	-rm -rf ../testvectors/aes/rsp
 	mkdir ../testvectors/aes/rsp
-	./fips_aesavs -d testlist
+	if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/des/Makefile
+++ b/fips/des/Makefile
@@ -64,26 +64,11 @@ tags:

 tests:

-top_fips_desmovs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
-	find ../testvectors/des/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des/rsp
-	mkdir ../testvectors/des/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des2/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des2/rsp
-	mkdir ../testvectors/des2/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des3/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des3/rsp
-	mkdir ../testvectors/des3/rsp
-	./fips_desmovs -d testlist
+fips_test:
+	-find ../testvectors/tdes/req -name '*.req' > testlist
+	-rm -rf ../testvectors/tdes/rsp
+	mkdir ../testvectors/tdes/rsp
+	if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/dh/fips_dh_key.c
+++ b/fips/dh/fips_dh_key.c
@@ -145,8 +145,23 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
-		goto err;
+
+	{
+		BIGNUM local_prk;
+		BIGNUM *prk;
+
+		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+			{
+			BN_init(&local_prk);
+			prk = &local_prk;
+			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			prk = priv_key;
+
+		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+			goto err;
+	}
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -184,6 +199,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		mont = BN_MONT_CTX_set_locked(
 				(BN_MONT_CTX **)&dh->method_mont_p,
 				CRYPTO_LOCK_DH, dh->p, ctx);
+		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+			{
+			/* XXX */
+			BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+			}
 		if (!mont)
 			goto err;
 		}
@@ -206,7 +226,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 			const BIGNUM *m, BN_CTX *ctx,
 			BN_MONT_CTX *m_ctx)
 	{
-	if (a->top == 1)
+	/* If a is only one word long and constant time is false, use the faster
+	 * exponenentiation function.
+	 */
+	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
 		{
 		BN_ULONG A = a->d[0];
 		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
--- a/fips/dsa/Makefile
+++ b/fips/dsa/Makefile
@@ -18,7 +18,7 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)

 GENERAL=Makefile
-TEST=fips_dsatest.c
+TEST=fips_dsatest.c fips_dssvs.c
 APPS=

 LIB=$(TOP)/libcrypto.a
@@ -62,23 +62,16 @@ tags:

 tests:

-top_fips_dssvs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
 Q=../testvectors/dsa/req
 A=../testvectors/dsa/rsp

-fips_test: top_fips_dssvs
+fips_test:
 	-rm -rf $A
 	mkdir $A
-	./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
-	./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
-	./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
-	./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
+	if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+	if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+	if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+	if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -187,7 +187,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
+	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
 	int ret=0;

 	if (!dsa->p || !dsa->q || !dsa->g)
@@ -197,6 +197,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}

 	BN_init(&k);
+	BN_init(&kq);

 	if (ctx_in == NULL)
 		{
@@ -206,12 +207,15 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		ctx=ctx_in;

 	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;

 	/* Get random k */
 	do
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+		}

 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
@@ -222,7 +226,30 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}

 	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		if (!BN_copy(&kq, &k)) goto err;
+
+		/* We do not want timing information to leak the length of k,
+		 * so we compute g^k using an equivalent exponent of fixed length.
+		 *
+		 * (This is a kludge that we need because the BN_mod_exp_mont()
+		 * does not let us specify the desired timing behaviour.) */
+
+		if (!BN_add(&kq, &kq, dsa->q)) goto err;
+		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+			{
+			if (!BN_add(&kq, &kq, dsa->q)) goto err;
+			}
+
+		K = &kq;
+		}
+	else
+		{
+		K = &k;
+		}
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;

@@ -245,6 +272,7 @@ err:
 	if (ctx_in == NULL) BN_CTX_free(ctx);
 	if (kinv != NULL) BN_clear_free(kinv);
 	BN_clear_free(&k);
+	BN_clear_free(&kq);
 	return(ret);
 	}

--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -1,3 +1,15 @@
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main()
+{
+    printf("No FIPS DSA support\n");
+    return(0);
+}
+#else
+
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/fips.h>
@@ -304,3 +316,4 @@ int main(int argc,char **argv)

    return 0;
    }
+#endif
--- a/fips/fips-lib.com
+++ b/fips/fips-lib.com
@@ -75,7 +75,7 @@ $ ENDIF
 $!
 $! Define The Different Encryption Types.
 $!
-$ ENCRYPT_TYPES = "Basic,SHA1,RAND,DES,AES,DSA,RSA,DH,HMAC"
+$ ENCRYPT_TYPES = "Basic,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC"
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -151,12 +151,12 @@ $!
 $! Define The Different Encryption "library" Strings.
 $!
 $ LIB_ = "fips,fips_err_wrapper"
-$ LIB_SHA1 = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
+$ LIB_SHA = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
 $ LIB_RAND = "fips_rand,fips_rand_selftest"
 $ LIB_DES = "fips_des_enc,fips_des_selftest,fips_set_key"
 $ LIB_AES = "fips_aes_core,fips_aes_selftest"
 $ LIB_DSA = "fips_dsa_ossl,fips_dsa_gen,fips_dsa_selftest"
-$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest"
+$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest,fips_rsa_x931g"
 $ LIB_DH = "fips_dh_check,fips_dh_gen,fips_dh_key"
 $ LIB_HMAC = "fips_hmac,fips_hmac_selftest"
 $!
@@ -857,7 +857,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -145,6 +145,73 @@ int FIPS_selftest()
 	&& FIPS_selftest_dsa();
    }

+#ifndef HMAC_EXT
+#define HMAC_EXT "sha1"
+#endif
+
+static char key[]="etaonrishdlcupfm";
+
+#ifdef OPENSSL_PIC
+int DSO_pathbyaddr(void *addr,char *path,int sz);
+
+static int FIPS_check_dso()
+    {
+    unsigned char buf[1024];
+    char path [512];
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    FILE *f;
+    HMAC_CTX hmac;
+    int len,n;
+
+    len = DSO_pathbyaddr(NULL,path,sizeof(path)-sizeof(HMAC_EXT));
+    if (len<=0)
+    	{
+	FIPSerr(FIPS_F_FIPS_CHECK_DSO,FIPS_R_NO_DSO_PATH);
+	return 0;
+	}
+
+    f=fopen(path,"rb");
+    if(!f)
+	{
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+	return 0;
+	}
+
+    HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
+    while(!feof(f))
+	{
+	n=fread(buf,1,sizeof buf,f);
+	if(ferror(f))
+	    {
+	    clearerr(f);
+	    fclose(f);
+	    FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+	    return 0;
+	    }
+	if (n) HMAC_Update(&hmac,buf,n);
+	}
+    fclose(f);
+    HMAC_Final(&hmac,mdbuf,&n);
+    HMAC_CTX_cleanup(&hmac);
+
+    path[len-1]='.';
+    strcpy(path+len,HMAC_EXT);
+    f=fopen(path,"rb");
+    if(!f || fread(buf,1,20,f) != 20)
+	{
+	if (f) fclose(f);
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
+	return 0;
+	}
+    fclose(f);
+    if(memcmp(buf,mdbuf,20))
+	{
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
+	return 0;
+	}
+    return 1;
+    }
+#else
 static int FIPS_check_exe(const char *path)
    {
    unsigned char buf[1024];
@@ -152,9 +219,8 @@ static int FIPS_check_exe(const char *path)
    unsigned int n;
    unsigned char mdbuf[EVP_MAX_MD_SIZE];
    FILE *f;
-    static char key[]="etaonrishdlcupfm";
    HMAC_CTX hmac;
-    const char *sha1_fmt="%s.sha1";
+    const char *sha1_fmt="%s."HMAC_EXT;

    f=fopen(path,"rb");
 #ifdef __CYGWIN32__
@@ -163,7 +229,7 @@ static int FIPS_check_exe(const char *path)
       just in case the behavior changes in the future... */
    if (!f)
 	{
-	sha1_fmt="%s.exe.sha1";
+	sha1_fmt="%s.exe."HMAC_EXT;
 	BIO_snprintf(p2,sizeof p2,"%s.exe",path);
 	f=fopen(p2,"rb");
 	}
@@ -205,10 +271,10 @@ static int FIPS_check_exe(const char *path)
 	}
    return 1;
    }
+#endif

 int FIPS_mode_set(int onoff,const char *path)
    {
-    void fips_set_mode(int _onoff);
    int fips_set_owning_thread();
    int fips_clear_owning_thread();
    int ret = 0;
@@ -233,7 +299,11 @@ int FIPS_mode_set(int onoff,const char *path)
 	    goto end;
 	    }

+#ifdef OPENSSL_PIC
+	if(!FIPS_check_dso())
+#else
 	if(!FIPS_check_exe(path))
+#endif
 	    {
 	    fips_selftest_fail = 1;
 	    ret = 0;
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -58,6 +58,7 @@ extern "C" {
 struct dsa_st;

 int FIPS_mode_set(int onoff,const char *path);
+#define FIPS_init(f) FIPS_mode_set((f),NULL)
 int FIPS_mode(void);
 const void *FIPS_rand_check(void);
 int FIPS_selftest_failed(void);
@@ -108,7 +109,9 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_HASH_FINAL				 100
 #define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 114
 #define FIPS_F_RSA_GENERATE_KEY				 113
+#define FIPS_F_RSA_X931_GENERATE_KEY			 119
 #define FIPS_F_SSLEAY_RAND_BYTES			 101
+#define FIPS_F_FIPS_CHECK_DSO				 120

 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE				 103
@@ -116,10 +119,12 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
 #define FIPS_R_FIPS_MODE_ALREADY_SET			 102
 #define FIPS_R_FIPS_SELFTEST_FAILED			 106
+#define FIPS_R_INVALID_KEY_LENGTH			 109
+#define FIPS_R_KEY_TOO_SHORT				 108
 #define FIPS_R_NON_FIPS_METHOD				 100
 #define FIPS_R_PAIRWISE_TEST_FAILED			 107
 #define FIPS_R_SELFTEST_FAILED				 101
-#define FIPS_R_KEY_TOO_SHORT				 108
+#define FIPS_R_NO_DSO_PATH				 110

 #ifdef  __cplusplus
 }
--- a/fips/fips_err.h
+++ b/fips/fips_err.h
@@ -84,24 +84,29 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),	"FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RSA),	"FIPS_selftest_rsa"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA),	"FIPS_selftest_sha"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA),	"FIPS_SELFTEST_SHA"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY),	"RSA_X931_generate_key"},
 {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO),	"FIPS_check_dso"},
 {0,NULL}
 	};

 static ERR_STRING_DATA FIPS_str_reasons[]=
 	{
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot read exe"},
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
-{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot access executable object"},
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot access detached digest"},
+{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"detached digest verification failed"},
 {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
 {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
+{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH)   ,"invalid key length"},
+{ERR_REASON(FIPS_R_KEY_TOO_SHORT)        ,"key too short"},
 {ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
 {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
 {ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_NO_DSO_PATH)		 ,"DSO path can't be determined"},
 {0,NULL}
 	};

@@ -109,11 +114,11 @@ static ERR_STRING_DATA FIPS_str_reasons[]=

 void ERR_load_FIPS_strings(void)
 	{
-	static int init;
+	static int init=1;

-	if (!init)
+	if (init)
 		{
-		init=1;
+		init=0;
 #ifndef OPENSSL_NO_ERR
 		ERR_load_strings(0,FIPS_str_functs);
 		ERR_load_strings(0,FIPS_str_reasons);
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -1,8 +1,8 @@
 const char * const FIPS_source_hashes[] = {
-"HMAC-SHA1(fips.c)= 7cbbda3b9e8aec46ee31797179cb72faeef80712",
+"HMAC-SHA1(fips.c)= c5116c8f381d5981d840d240f66c8303b866f5f6",
 "HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
-"HMAC-SHA1(fips.h)= e85fdc2fe6ad2dbf0662691e87af4b6b240da62e",
-"HMAC-SHA1(fips_err.h)= 0b2bd6999ee5792fec3739689cde5f352789e63a",
+"HMAC-SHA1(fips.h)= c9f7bfc3cd78ef7bfcf863b92dcb6e477384e300",
+"HMAC-SHA1(fips_err.h)= f124e9f93777ca7f5bc6edd8323ffbb36625d40b",
 "HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
 "HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
 "HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
@@ -14,25 +14,26 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= 0b810d411090abd6b676a7ca730c35362fbd04a4",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 8bb943c0fd1adf04f6a845f4d1727c5472697e93",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
-"HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66",
-"HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
+"HMAC-SHA1(rand/fips_rand_selftest.c)= 5661f383decf0708d0230409fe1564223e834a3b",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2512f849a220daa083f346b10effdb2ee96d4395",
+"HMAC-SHA1(rsa/fips_rsa_gen.c)= 577466931c054d99caf4ac2aefff0e35efd94024",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
-"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
-"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
-"HMAC-SHA1(sha1/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
-"HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
-"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
-"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
-"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
-"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
-"HMAC-SHA1(sha1/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd",
+"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
+"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
+"HMAC-SHA1(sha/fips_standalone_sha1.c)= 46a66875e68398eabca2e933958a2d865149ca1b",
+"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
+"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
+"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
+"HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
+"HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
+"HMAC-SHA1(sha/fips_sha256.c)= 97e6dee22a1fe993cc48aa8ff37af10701d7f599",
+"HMAC-SHA1(sha/fips_sha512.c)= 74e6ef26de96f774d233888b831289e69834dd79",
 "HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
 "HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9",
 };
--- a/fips/hmac/Makefile
+++ b/fips/hmac/Makefile
@@ -62,20 +62,13 @@ tags:

 tests:

-top_fips_hmactest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_hmactest sub_target)
-
-fips_hmactest: fips_hmactest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_hmactest fips_hmactest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_hmactest
-
 Q=../testvectors/hmac/req
 A=../testvectors/hmac/rsp

-fips_test: top top_fips_hmactest
+fips_test:
 	-rm -rf $(A)
 	mkdir $(A)
-	./fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp
+	if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@@ -250,12 +250,16 @@ int hmac_test(BIO *err, const EVP_MD *md, BIO *out, BIO *in)
 			if (Msg)
 				goto parse_error;
 			Msg = string_to_hex(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
 			}
 		else if (!strcmp(keyword, "Key"))
 			{
 			if (Key)
 				goto parse_error;
 			Key = string_to_hex(value, &Keylen);
+			if (!Key)
+				goto parse_error;
 			}
 		else if (!strcmp(keyword, "Mac"))
 			continue;
--- a/fips/install.com
+++ b/fips/install.com
@@ -26,14 +26,16 @@ $	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
 $	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
-$	FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA
+$	FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA,DH,HMAC
 $	EXHEADER_ := fips.h
-$	EXHEADER_SHA1 :=
+$	EXHEADER_SHA := fips_sha.h
 $	EXHEADER_RAND := fips_rand.h
 $	EXHEADER_DES :=
 $	EXHEADER_AES :=
 $	EXHEADER_DSA :=
 $	EXHEADER_RSA :=
+$	EXHEADER_DH :=
+$	EXHEADER_HMAC :=
 $
 $	I = 0
 $ LOOP_FDIRS: 
--- a/fips/openssl_fips_fingerprint
+++ b/fips/openssl_fips_fingerprint
@@ -5,6 +5,7 @@

 lib=$1
 exe=$2
+ext=${HMAC_EXT:-sha1}

 # deal with the case where we're run from within the build and OpenSSL is
 # not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
@@ -27,4 +28,4 @@ openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1
 [ -x $exe.exe ] && exe=$exe.exe

 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
--- a/fips/rand/Makefile
+++ b/fips/rand/Makefile
@@ -18,7 +18,7 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)

 GENERAL=Makefile
-TEST= fips_randtest.c
+TEST= fips_randtest.c fips_rngvs.c
 APPS=

 LIB=$(TOP)/libcrypto.a
@@ -62,21 +62,14 @@ tags:

 tests:

-top_fips_rngvs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rngvs sub_target)
-
-fips_rngvs: fips_rngvs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rngvs fips_rngvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rngvs
-
 Q=../testvectors/rng/req
 A=../testvectors/rng/rsp

-fips_test: top_fips_rngvs
+fips_test:
 	-rm -rf $(A)
 	mkdir $(A)
-	./fips_rngvs mct < $(Q)/MCT.req > $(A)/MCT.rsp
-	./fips_rngvs vst < $(Q)/VST.req > $(A)/VST.rsp
+	if [ -f $(Q)/ANSI931_TDES2MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp; fi
+	if [ -f $(Q)/ANSI931_TDES2VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/rand/fips_rand_selftest.c
+++ b/fips/rand/fips_rand_selftest.c
@@ -1,120 +1,120 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-
-#ifdef OPENSSL_FIPS
-static struct
-    {
-    unsigned char key1[8];
-    unsigned char key2[8];
-    unsigned char seed[8];
-    unsigned char dt[8];
-    } init_iv[] =
-    {
-    { 
-    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
-    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
-    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x3c },
-    },
-    {
-    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
-    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
-    { 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x40 },
-    },
-    {
-    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
-    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
-    { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
-    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x7b },
-    },
-    };
-
-static const unsigned char expected_ret[][8]=
-    {
-    { 0x94, 0x4d, 0xc7, 0x21, 0x0d, 0x6d, 0x7f, 0xd7 },
-    { 0x02, 0x43, 0x3c, 0x94, 0x17, 0xa3, 0x32, 0x6f },
-    { 0xe7, 0xe2, 0xb2, 0x96, 0x4f, 0x36, 0xed, 0x41 },
-    };
-
-void FIPS_corrupt_rng()
-    {
-    init_iv[0].dt[0]++;
-    }
-
-int FIPS_selftest_rng()
-    {
-    int n;
-
-    for(n=0 ; n < 3 ; ++n)
-	{
-	unsigned char actual_ret[8];
-
-	FIPS_rand_method()->cleanup();
-	FIPS_set_prng_key(init_iv[n].key1,init_iv[n].key2); 
-	FIPS_rand_seed(init_iv[n].seed,8);
-	FIPS_test_mode(1,init_iv[n].dt);
-	if ((FIPS_rand_method()->bytes(actual_ret, 8) <=0) || (memcmp(actual_ret,expected_ret[n],sizeof actual_ret)))
-	    {
-    	    FIPS_test_mode(0,NULL);
-	    FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
-	    return 0;
-	    }
-	}
-    FIPS_test_mode(0,NULL);
-    return 1;
-    }
-
-#endif
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+
+#ifdef OPENSSL_FIPS
+static struct
+    {
+    unsigned char key1[8];
+    unsigned char key2[8];
+    unsigned char seed[8];
+    unsigned char dt[8];
+    } init_iv[] =
+    {
+    { 
+    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x3c },
+    },
+    {
+    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+    { 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x40 },
+    },
+    {
+    { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+    { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+    { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
+    { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x7b },
+    },
+    };
+
+static const unsigned char expected_ret[][8]=
+    {
+    { 0x94, 0x4d, 0xc7, 0x21, 0x0d, 0x6d, 0x7f, 0xd7 },
+    { 0x02, 0x43, 0x3c, 0x94, 0x17, 0xa3, 0x32, 0x6f },
+    { 0xe7, 0xe2, 0xb2, 0x96, 0x4f, 0x36, 0xed, 0x41 },
+    };
+
+void FIPS_corrupt_rng()
+    {
+    init_iv[0].dt[0]++;
+    }
+
+int FIPS_selftest_rng()
+    {
+    int n;
+
+    for(n=0 ; n < 3 ; ++n)
+	{
+	unsigned char actual_ret[8];
+
+	FIPS_rand_method()->cleanup();
+	FIPS_set_prng_key(init_iv[n].key1,init_iv[n].key2); 
+	FIPS_rand_seed(init_iv[n].seed,8);
+	FIPS_test_mode(1,init_iv[n].dt);
+	if ((FIPS_rand_method()->bytes(actual_ret, 8) <=0) || (memcmp(actual_ret,expected_ret[n],sizeof actual_ret)))
+	    {
+    	    FIPS_test_mode(0,NULL);
+	    FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+	    return 0;
+	    }
+	}
+    FIPS_test_mode(0,NULL);
+    return 1;
+    }
+
+#endif
--- a/fips/rand/fips_rngvs.c
+++ b/fips/rand/fips_rngvs.c
@@ -1,222 +1,234 @@
-/*
- * Crude test driver for processing the VST and MCT testvector files generated by the CMVP
- * RNGVS product.
- *
- * Note the input files are assumed to have a _very_ specific format as described in the
- * NIST document "The Random Number Generator Validation System (RNGVS)", May 25, 2004.
- *
-*/
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <string.h>
-
-int hex2bin(const char *in, unsigned char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
-	{ /* first byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	if(!in[n1])
-	    {
-	    out[n2++]=ch;
-	    break;
-	    }
-	out[n2] = ch << 4;
-	/* second byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	out[n2++] |= ch;
-	}
-    return n2;
-    }
-
-int bin2hex(const unsigned char *in,int len,char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; n1 < len ; ++n1)
-	{
-	ch=in[n1] >> 4;
-	if (ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	ch=in[n1] & 0x0f;
-	if(ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	}
-    out[n2]='\0';
-    return n2;
-    }
-
-void pv(const char *tag,const unsigned char *val,int len)
-    {
-    char obuf[2048];
-
-    bin2hex(val,len,obuf);
-    printf("%s = %s\n",tag,obuf);
-    }
-
-void vst()
-    {
-    unsigned char key1[8];
-    unsigned char key2[8];
-    unsigned char v[8];
-    unsigned char dt[8];
-    unsigned char ret[8];
-    char buf[1024];
-    int n;
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	if(!strncmp(buf,"Key1 = ",7))
-	    {
-	    n=hex2bin(buf+7,key1);
-	    pv("Key1",key1,n);
-	    }
-	else if(!strncmp(buf,"Key2 = ",7))
-	    {
-	    n=hex2bin(buf+7,key2);
-	    pv("Key1",key2,n);
-	    }
-	else if(!strncmp(buf,"DT = ",5))
-	    {
-	    n=hex2bin(buf+5,dt);
-	    pv("DT",dt,n);
-	    }
-	else if(!strncmp(buf,"V = ",4))
-	    {
-	    n=hex2bin(buf+4,v);
-	    pv("V",v,n);
-
-	    FIPS_rand_method()->cleanup();
-	    FIPS_set_prng_key(key1,key2);
-	    FIPS_rand_seed(v,8);
-	    FIPS_test_mode(1,dt);
-	    if (FIPS_rand_method()->bytes(ret,8) <= 0)
-	        {
-	        FIPS_test_mode(0,NULL);
-	        FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
-	        return;
-	        }
-
-	    pv("R",ret,8);
-	    putc('\n',stdout);
-	    }
-	else
-	    fputs(buf,stdout);
-	}
-    }
-
-
-void mct()
-    {
-    unsigned char key1[8];
-    unsigned char key2[8];
-    unsigned char v[8];
-    unsigned char dt[8];
-    unsigned char ret[8];
-    char buf[1024];
-    int n;
-
-    BIGNUM *bn;
-    BIGNUM *pbn;
-    bn = BN_new();
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	if(!strncmp(buf,"Key1 = ",7))
-	    {
-	    n=hex2bin(buf+7,key1);
-	    pv("Key1",key1,n);
-	    }
-	else if(!strncmp(buf,"Key2 = ",7))
-	    {
-	    n=hex2bin(buf+7,key2);
-	    pv("Key1",key2,n);
-	    }
-	else if(!strncmp(buf,"DT = ",5))
-	    {
-	    n=hex2bin(buf+5,dt);
-	    pv("DT",dt,n);
-	    }
-	else if(!strncmp(buf,"V = ",4))
-	    {
-	    int iter;
-	    n=hex2bin(buf+4,v);
-	    pv("V",v,n);
-
-	    FIPS_rand_method()->cleanup();
-	    FIPS_set_prng_key(key1,key2);
-	    FIPS_rand_seed(v,8);
-	    for (iter=0; iter < 10000; ++iter)
-		{
-	        FIPS_test_mode(1,dt);
-		if (FIPS_rand_method()->bytes(ret,8) <= 0)
-		    {
-		    FIPS_test_mode(0,NULL);
-		    FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
-		    return;
-		    }
-		pbn = BN_bin2bn(dt,8,bn);
-		n = BN_add(bn,bn,BN_value_one());
-		n = BN_bn2bin(bn,dt);
-		}
-
-	    pv("R",ret,8);
-	    putc('\n',stdout);
-	    }
-	else
-	    fputs(buf,stdout);
-	}
-    BN_free(bn);
-    }
-
-int main(int argc,char **argv)
-    {
-    if(argc != 2)
-	{
-	fprintf(stderr,"%s [mct|vst]\n",argv[0]);
-	exit(1);
-	}
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_load_crypto_strings();
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	exit(1);
-	}
-    if(!strcmp(argv[1],"mct"))
-	mct();
-    else if(!strcmp(argv[1],"vst"))
-	vst();
-    else
-	{
-	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
-	exit(1);
-	}
-
-    return 0;
-    }
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+int main()
+{
+    printf("No FIPS RNG support\n");
+    return 0;
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <string.h>
+
+int hex2bin(const char *in, unsigned char *out)
+    {
+    int n1, n2;
+    unsigned char ch;
+
+    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+	{ /* first byte */
+	if ((in[n1] >= '0') && (in[n1] <= '9'))
+	    ch = in[n1++] - '0';
+	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+	    ch = in[n1++] - 'A' + 10;
+	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+	    ch = in[n1++] - 'a' + 10;
+	else
+	    return -1;
+	if(!in[n1])
+	    {
+	    out[n2++]=ch;
+	    break;
+	    }
+	out[n2] = ch << 4;
+	/* second byte */
+	if ((in[n1] >= '0') && (in[n1] <= '9'))
+	    ch = in[n1++] - '0';
+	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+	    ch = in[n1++] - 'A' + 10;
+	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+	    ch = in[n1++] - 'a' + 10;
+	else
+	    return -1;
+	out[n2++] |= ch;
+	}
+    return n2;
+    }
+
+int bin2hex(const unsigned char *in,int len,char *out)
+    {
+    int n1, n2;
+    unsigned char ch;
+
+    for (n1=0,n2=0 ; n1 < len ; ++n1)
+	{
+	ch=in[n1] >> 4;
+	if (ch <= 0x09)
+	    out[n2++]=ch+'0';
+	else
+	    out[n2++]=ch-10+'a';
+	ch=in[n1] & 0x0f;
+	if(ch <= 0x09)
+	    out[n2++]=ch+'0';
+	else
+	    out[n2++]=ch-10+'a';
+	}
+    out[n2]='\0';
+    return n2;
+    }
+
+void pv(const char *tag,const unsigned char *val,int len)
+    {
+    char obuf[2048];
+
+    bin2hex(val,len,obuf);
+    printf("%s = %s\n",tag,obuf);
+    }
+
+void vst()
+    {
+    unsigned char key1[8];
+    unsigned char key2[8];
+    unsigned char v[8];
+    unsigned char dt[8];
+    unsigned char ret[8];
+    char buf[1024];
+    int n;
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+	{
+	if(!strncmp(buf,"Key1 = ",7))
+	    {
+	    n=hex2bin(buf+7,key1);
+	    pv("Key1",key1,n);
+	    }
+	else if(!strncmp(buf,"Key2 = ",7))
+	    {
+	    n=hex2bin(buf+7,key2);
+	    pv("Key1",key2,n);
+	    }
+	else if(!strncmp(buf,"DT = ",5))
+	    {
+	    n=hex2bin(buf+5,dt);
+	    pv("DT",dt,n);
+	    }
+	else if(!strncmp(buf,"V = ",4))
+	    {
+	    n=hex2bin(buf+4,v);
+	    pv("V",v,n);
+
+	    FIPS_rand_method()->cleanup();
+	    FIPS_set_prng_key(key1,key2);
+	    FIPS_rand_seed(v,8);
+	    FIPS_test_mode(1,dt);
+	    if (FIPS_rand_method()->bytes(ret,8) <= 0)
+	        {
+	        FIPS_test_mode(0,NULL);
+	        FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+	        return;
+	        }
+
+	    pv("R",ret,8);
+	    putc('\n',stdout);
+	    }
+	else
+	    fputs(buf,stdout);
+	}
+    }
+
+
+void mct()
+    {
+    unsigned char key1[8];
+    unsigned char key2[8];
+    unsigned char v[8];
+    unsigned char dt[8];
+    unsigned char ret[8];
+    char buf[1024];
+    int n;
+
+    BIGNUM *bn;
+    BIGNUM *pbn;
+    bn = BN_new();
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+	{
+	if(!strncmp(buf,"Key1 = ",7))
+	    {
+	    n=hex2bin(buf+7,key1);
+	    pv("Key1",key1,n);
+	    }
+	else if(!strncmp(buf,"Key2 = ",7))
+	    {
+	    n=hex2bin(buf+7,key2);
+	    pv("Key1",key2,n);
+	    }
+	else if(!strncmp(buf,"DT = ",5))
+	    {
+	    n=hex2bin(buf+5,dt);
+	    pv("DT",dt,n);
+	    }
+	else if(!strncmp(buf,"V = ",4))
+	    {
+	    int iter;
+	    n=hex2bin(buf+4,v);
+	    pv("V",v,n);
+
+	    FIPS_rand_method()->cleanup();
+	    FIPS_set_prng_key(key1,key2);
+	    FIPS_rand_seed(v,8);
+	    for (iter=0; iter < 10000; ++iter)
+		{
+	        FIPS_test_mode(1,dt);
+		if (FIPS_rand_method()->bytes(ret,8) <= 0)
+		    {
+		    FIPS_test_mode(0,NULL);
+		    FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+		    return;
+		    }
+		pbn = BN_bin2bn(dt,8,bn);
+		n = BN_add(bn,bn,BN_value_one());
+		n = BN_bn2bin(bn,dt);
+		}
+
+	    pv("R",ret,8);
+	    putc('\n',stdout);
+	    }
+	else
+	    fputs(buf,stdout);
+	}
+    BN_free(bn);
+    }
+
+int main(int argc,char **argv)
+    {
+    if(argc != 2)
+	{
+	fprintf(stderr,"%s [mct|vst]\n",argv[0]);
+	exit(1);
+	}
+    if(!FIPS_mode_set(1,argv[0]))
+	{
+	ERR_load_crypto_strings();
+	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+	exit(1);
+	}
+    if(!strcmp(argv[1],"mct"))
+	mct();
+    else if(!strcmp(argv[1],"vst"))
+	vst();
+    else
+	{
+	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+	exit(1);
+	}
+
+    return 0;
+    }
+#endif
--- a/fips/rsa/Makefile
+++ b/fips/rsa/Makefile
@@ -18,12 +18,12 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)

 GENERAL=Makefile
-TEST= fips_rsavtest.c fips_rsastest.c
+TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c
-LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o
+LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c
+LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o

 SRC= $(LIBSRC)

@@ -62,28 +62,23 @@ tags:

 tests:

-top_fips_rsastest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsastest sub_target)
-
-top_fips_rsavtest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsavtest sub_target)
-
-fips_rsastest: fips_rsastest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rsastest fips_rsastest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsastest
-
-fips_rsavtest: fips_rsavtest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rsavtest fips_rsavtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsavtest
-
 Q=../testvectors/rsa/req
 A=../testvectors/rsa/rsp
+Q62=../testvectors/rsa_salt_62/req
+A62=../testvectors/rsa_salt_62/rsp

-fips_test: top top_fips_rsastest top_fips_rsavtest
-	-rm -rf $(A)
-	mkdir $(A)
-	./fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp
-	./fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp
+fips_test:
+	-rm -rf $(A) $(A62)
+	mkdir $(A) $(A62)
+	if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req  > $(A)/SigGen15.rsp; fi
+	if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
+	if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
+	if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
+	if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
+	if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
+	if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
+	if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
+	if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/fips/rsa/fips_rsa_eay.c
+++ b/fips/rsa/fips_rsa_eay.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */

 #include <stdio.h>
 #include <openssl/err.h>
@@ -240,7 +293,7 @@ err:
 static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM f,ret;
+	BIGNUM f,ret, *res;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
@@ -266,6 +319,9 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 	case RSA_NO_PADDING:
 		i=RSA_padding_add_none(buf,num,from,flen);
 		break;
+	case RSA_X931_PADDING:
+		i=RSA_padding_add_X931(buf,num,from,flen);
+		break;
 	case RSA_SSLV23_PADDING:
 	default:
 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
@@ -322,19 +378,43 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{ 
+		if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+		}
 	else
 		{
-		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+		BIGNUM local_d;
+		BIGNUM *d = NULL;
+		
+		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+			{
+			BN_init(&local_d);
+			d = &local_d;
+			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			d = rsa->d;
+		if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
 		}

 	if (blinding)
 		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;

+	if (padding == RSA_X931_PADDING)
+		{
+		BN_sub(&f, rsa->n, &ret);
+		if (BN_cmp(&ret, &f))
+			res = &f;
+		else
+			res = &ret;
+		}
+	else
+		res = &ret;
+
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
-	j=BN_num_bytes(&ret);
-	i=BN_bn2bin(&ret,&(to[num-j]));
+	j=BN_num_bytes(res);
+	i=BN_bn2bin(res,&(to[num-j]));
 	for (k=0; k<(num-i); k++)
 		to[k]=0;

@@ -435,10 +515,22 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{
+		if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+		}
 	else
 		{
-		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+		BIGNUM local_d;
+		BIGNUM *d = NULL;
+		
+		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+			{
+			d = &local_d;
+			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			d = rsa->d;
+		if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
 			goto err;
 		}

@@ -536,6 +628,9 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;

+	if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+		BN_sub(&ret, rsa->n, &ret);
+
 	p=buf;
 	i=BN_bn2bin(&ret,p);

@@ -544,6 +639,9 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
 	case RSA_PKCS1_PADDING:
 		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
 		break;
+	case RSA_X931_PADDING:
+		r=RSA_padding_check_X931(to,num,buf,i,num);
+		break;
 	case RSA_NO_PADDING:
 		r=RSA_padding_check_none(to,num,buf,i,num);
 		break;
@@ -569,6 +667,8 @@ err:
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	BIGNUM r1,m1,vrfy;
+	BIGNUM local_dmp1, local_dmq1;
+	BIGNUM *dmp1, *dmq1;
 	int ret=0;
 	BN_CTX *ctx;

@@ -577,7 +677,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	BN_init(&vrfy);
 	if ((ctx=BN_CTX_new()) == NULL) goto err;

-
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{
 		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
@@ -589,11 +688,25 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 		}

 	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+		{
+		dmq1 = &local_dmq1;
+		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+		}
+	else
+		dmq1 = rsa->dmq1;
+	if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
 		rsa->_method_mod_q)) goto err;

 	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+		{
+		dmp1 = &local_dmp1;
+		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+		}
+	else
+		dmp1 = rsa->dmp1;
+	if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
 		rsa->_method_mod_p)) goto err;

 	if (!BN_sub(r0,r0,&m1)) goto err;
@@ -628,10 +741,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 		if (vrfy.neg)
 			if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
 		if (!BN_is_zero(&vrfy))
+			{
 			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
 			 * miscalculated CRT output, just do a raw (slower)
 			 * mod_exp and return that instead. */
-			if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+
+			BIGNUM local_d;
+			BIGNUM *d = NULL;
+		
+			if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+				{
+				d = &local_d;
+				BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+				}
+			else
+				d = rsa->d;
+			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
+			}
 		}
 	ret=1;
 err:
--- a/fips/rsa/fips_rsa_gen.c
+++ b/fips/rsa/fips_rsa_gen.c
@@ -68,7 +68,7 @@ void *OPENSSL_stderr(void);

 #ifdef OPENSSL_FIPS

-static int fips_check_rsa(RSA *rsa)
+int fips_check_rsa(RSA *rsa)
    {
    int n, ret = 0;
    unsigned char tctext[256], *ctext = tctext;
--- a/fips/rsa/fips_rsa_x931g.c
+++ b/fips/rsa/fips_rsa_x931g.c
@@ -0,0 +1,289 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+extern int fips_check_rsa(RSA *rsa);
+
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e)
+	{
+	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+
+	if (!rsa) 
+		goto err;
+
+	ctx = BN_CTX_new();
+	BN_CTX_start(ctx);
+	if (!ctx) 
+		goto err;
+
+	r0 = BN_CTX_get(ctx);
+	r1 = BN_CTX_get(ctx);
+	r2 = BN_CTX_get(ctx);
+	r3 = BN_CTX_get(ctx);
+
+	if (r3 == NULL)
+		goto err;
+	if (!rsa->e)
+		{
+		rsa->e = BN_dup(e);
+		if (!rsa->e)
+			goto err;
+		}
+	else
+		e = rsa->e;
+
+	/* If not all parameters present only calculate what we can.
+	 * This allows test programs to output selective parameters.
+	 */
+
+	if (Xp && !rsa->p)
+		{
+		rsa->p = BN_new();
+		if (!rsa->p)
+			goto err;
+
+		if (!BN_X931_derive_prime(rsa->p, p1, p2, cb, cb_arg,
+					Xp, Xp1, Xp2, e, ctx))
+			goto err;
+		}
+
+	if (Xq && !rsa->q)
+		{
+		rsa->q = BN_new();
+		if (!rsa->q)
+			goto err;
+		if (!BN_X931_derive_prime(rsa->q, q1, q2, cb, cb_arg,
+					Xq, Xq1, Xq2, e, ctx))
+			goto err;
+		}
+
+	if (!rsa->p || !rsa->q)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		return 2;
+		}
+
+	/* Since both primes are set we can now calculate all remaining 
+	 * components.
+	 */
+
+	/* calculate n */
+	rsa->n=BN_new();
+	if (rsa->n == NULL)
+		goto err;
+	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+		goto err;
+
+	/* calculate d */
+	if (!BN_sub(r1,rsa->p,BN_value_one()))
+		goto err;	/* p-1 */
+	if (!BN_sub(r2,rsa->q,BN_value_one()))
+		goto err;	/* q-1 */
+	if (!BN_mul(r0,r1,r2,ctx))
+		goto err;	/* (p-1)(q-1) */
+
+	if (!BN_gcd(r3, r1, r2, ctx))
+		goto err;
+
+	if (!BN_div(r0, NULL, r0, r3, ctx))
+		goto err;	/* LCM((p-1)(q-1)) */
+
+	ctx2 = BN_CTX_new();
+	if (!ctx2)
+		goto err;
+
+	rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
+	if (rsa->d == NULL)
+		goto err;
+
+	/* calculate d mod (p-1) */
+	rsa->dmp1=BN_new();
+	if (rsa->dmp1 == NULL)
+		goto err;
+	if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+		goto err;
+
+	/* calculate d mod (q-1) */
+	rsa->dmq1=BN_new();
+	if (rsa->dmq1 == NULL)
+		goto err;
+	if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+		goto err;
+
+	/* calculate inverse of q mod p */
+	rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+	err:
+	if (ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	if (ctx2)
+		BN_CTX_free(ctx2);
+	/* If this is set all calls successful */
+	if (rsa->iqmp != NULL)
+		return 1;
+
+	return 0;
+
+	}
+
+RSA *RSA_X931_generate_key(FIPS_RSA_SIZE_T bits, const BIGNUM *e,
+	     void (*cb)(int,int,void *), void *cb_arg)
+	{
+	RSA *rsa = NULL;
+	int ok = 0;
+	BIGNUM *Xp = NULL, *Xq = NULL;
+	BN_CTX *ctx = NULL;
+	
+	if (bits < 1024)
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+	    return NULL;
+	    }
+
+	if (bits & 0xff)
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_INVALID_KEY_LENGTH);
+	    return NULL;
+	    }
+
+	if(FIPS_selftest_failed())
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+	    return NULL;
+	    }
+
+	ctx = BN_CTX_new();
+	if (!ctx)
+		goto error;
+
+	BN_CTX_start(ctx);
+	Xp = BN_CTX_get(ctx);
+	Xq = BN_CTX_get(ctx);
+	if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+		goto error;
+
+	rsa = RSA_new();
+	if (!rsa)
+		goto error;
+	rsa->p = BN_new();
+	rsa->q = BN_new();
+	if (!rsa->p || !rsa->q)
+		goto error;
+
+	/* Generate two primes from Xp, Xq */
+
+	if (!BN_X931_generate_prime(rsa->p, NULL, NULL, NULL, NULL, Xp,
+					e, ctx, cb, cb_arg))
+		goto error;
+
+	if (!BN_X931_generate_prime(rsa->q, NULL, NULL, NULL, NULL, Xq,
+					e, ctx, cb, cb_arg))
+		goto error;
+
+	/* Since rsa->p and rsa->q are valid this call will just derive
+	 * remaining RSA components.
+	 */
+
+	if (!RSA_X931_derive(rsa, NULL, NULL, NULL, NULL, cb, cb_arg,
+				NULL, NULL, NULL, NULL, NULL, NULL, e))
+		goto error;
+
+	if(!fips_check_rsa(rsa))
+	    goto error;
+
+	ok = 1;
+
+	error:
+	if (ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+
+	if (ok)
+		return rsa;
+
+	if (rsa)
+		RSA_free(rsa);
+
+	return NULL;
+
+	}
+
+#endif
--- a/fips/rsa/fips_rsagtest.c
+++ b/fips/rsa/fips_rsagtest.c
@@ -0,0 +1,420 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+extern int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e);
+
+int rsa_test(BIO *err, BIO *out, BIO *in);
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e);
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *err = NULL;
+
+	int ret = 1;
+	ERR_load_crypto_strings();
+
+	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!err)
+		{
+		fprintf(stderr, "FATAL stderr initialization error\n");
+		goto end;
+		}
+
+	if(!FIPS_mode_set(1,argv[0]))
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (argc == 1)
+		in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	else
+		in = BIO_new_file(argv[1], "r");
+
+	if (argc < 2)
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	else
+		out = BIO_new_file(argv[2], "w");
+
+	if (!in)
+		{
+		BIO_printf(err, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!rsa_test(err, out, in))
+		{
+		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret && err)
+		ERR_print_errors(err);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (err)
+		BIO_free(err);
+
+	return ret;
+
+	}
+
+
+static void do_bn_print(BIO *out, const char *name, BIGNUM *b)
+	{
+	char *htmp, *p;
+	/* Can't use BN_print_fp because it uses upper case so
+	 * use BN_bn2hex() and convert.
+	 */
+	htmp = BN_bn2hex(b);
+	for(p = htmp; *p; p++)
+		{
+		if (isupper(*p))
+			*p = tolower(*p);
+		}
+	BIO_printf(out, "%s = %s\n", name, htmp);
+	OPENSSL_free(htmp);
+	}
+
+#define RSA_TEST_MAXLINELEN	10240
+
+int rsa_test(BIO *err, BIO *out, BIO *in)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	RSA *rsa = NULL;
+	BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+	BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+	BIGNUM *e = NULL;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0)
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [foo = bar] line) just copy */
+		if (!p || *keyword=='[')
+			{
+			if (!BIO_puts(out, olinebuf))
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "xp1"))
+			{
+			if (Xp1 || !BN_hex2bn(&Xp1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xp2"))
+			{
+			if (Xp2 || !BN_hex2bn(&Xp2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xp"))
+			{
+			if (Xp || !BN_hex2bn(&Xp,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq1"))
+			{
+			if (Xq1 || !BN_hex2bn(&Xq1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq2"))
+			{
+			if (Xq2 || !BN_hex2bn(&Xq2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xq"))
+			{
+			if (Xq || !BN_hex2bn(&Xq,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "e"))
+			{
+			if (e || !BN_hex2bn(&e,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "p1"))
+			continue;
+		else if (!strcmp(keyword, "p2"))
+			continue;
+		else if (!strcmp(keyword, "p"))
+			continue;
+		else if (!strcmp(keyword, "q1"))
+			continue;
+		else if (!strcmp(keyword, "q2"))
+			continue;
+		else if (!strcmp(keyword, "q"))
+			continue;
+		else if (!strcmp(keyword, "n"))
+			continue;
+		else if (!strcmp(keyword, "d"))
+			continue;
+		else
+			goto parse_error;
+
+		BIO_puts(out, olinebuf);
+
+		if (e && Xp1 && Xp2 && Xp)
+			{
+			rsa = RSA_new();
+			if (!rsa)
+				goto error;
+			if (!rsa_printkey1(err, out, rsa, Xp1, Xp2, Xp, e))
+				goto error;
+			BN_free(Xp1);
+			Xp1 = NULL;
+			BN_free(Xp2);
+			Xp2 = NULL;
+			BN_free(Xp);
+			Xp = NULL;
+			BN_free(e);
+			e = NULL;
+			}
+
+		if (rsa && Xq1 && Xq2 && Xq)
+			{
+			if (!rsa_printkey2(err, out, rsa, Xq1, Xq2, Xq))
+				goto error;
+			BN_free(Xq1);
+			Xq1 = NULL;
+			BN_free(Xq2);
+			Xq2 = NULL;
+			BN_free(Xq);
+			Xq = NULL;
+			RSA_free(rsa);
+			rsa = NULL;
+			}
+		}
+
+	ret = 1;
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+
+	if (Xp1)
+		BN_free(Xp1);
+	if (Xp2)
+		BN_free(Xp2);
+	if (Xp)
+		BN_free(Xp);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq2)
+		BN_free(Xq2);
+	if (Xq)
+		BN_free(Xq);
+	if (e)
+		BN_free(e);
+	if (rsa)
+		RSA_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e)
+	{
+	int ret = 0;
+	BIGNUM *p1 = NULL, *p2 = NULL;
+	p1 = BN_new();
+	p2 = BN_new();
+	if (!p1 || !p2)
+		goto error;
+
+	if (!RSA_X931_derive(rsa, p1, p2, NULL, NULL, 0, NULL, Xp1, Xp2, Xp,
+							NULL, NULL, NULL, e))
+		goto error;
+
+	do_bn_print(out, "p1", p1);
+	do_bn_print(out, "p2", p2);
+	do_bn_print(out, "p", rsa->p);
+
+	ret = 1;
+
+	error:
+	if (p1)
+		BN_free(p1);
+	if (p2)
+		BN_free(p2);
+
+	return ret;
+	}
+
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+	{
+	int ret = 0;
+	BIGNUM *q1 = NULL, *q2 = NULL;
+	q1 = BN_new();
+	q2 = BN_new();
+	if (!q1 || !q2)
+		goto error;
+
+	if (!RSA_X931_derive(rsa, NULL, NULL, q1, q2, 0, NULL, NULL, NULL, NULL,
+							Xq1, Xq2, Xq, NULL))
+		goto error;
+
+	do_bn_print(out, "q1", q1);
+	do_bn_print(out, "q2", q2);
+	do_bn_print(out, "q", rsa->q);
+	do_bn_print(out, "n", rsa->n);
+	do_bn_print(out, "d", rsa->d);
+
+	ret = 1;
+
+	error:
+	if (q1)
+		BN_free(q1);
+	if (q2)
+		BN_free(q2);
+
+	return ret;
+	}
+
+#endif
--- a/fips/rsa/fips_rsastest.c
+++ b/fips/rsa/fips_rsastest.c
@@ -75,15 +75,15 @@ int main(int argc, char *argv[])

 #else

-static int rsa_stest(BIO *err, BIO *out, BIO *in);
+static int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen);
 static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
-		unsigned char *Msg, long Msglen);
+		unsigned char *Msg, long Msglen, int Saltlen);

 int main(int argc, char **argv)
 	{
 	BIO *in = NULL, *out = NULL, *err = NULL;

-	int ret = 1;
+	int ret = 1, Saltlen = -1;
 	ERR_load_crypto_strings();

 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -100,6 +100,24 @@ int main(int argc, char **argv)
 		goto end;
 		}

+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			BIO_printf(err, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
 	if (argc == 1)
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	else
@@ -122,7 +140,7 @@ int main(int argc, char **argv)
 		goto end;
 		}

-	if (!rsa_stest(err, out, in))
+	if (!rsa_stest(err, out, in, Saltlen))
 		{
 		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
 		goto end;
@@ -148,7 +166,7 @@ int main(int argc, char **argv)

 #define RSA_TEST_MAXLINELEN	10240

-int rsa_stest(BIO *err, BIO *out, BIO *in)
+int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen)
 	{
 	char *linebuf, *olinebuf, *p, *q;
 	char *keyword, *value;
@@ -271,7 +289,8 @@ int rsa_stest(BIO *err, BIO *out, BIO *in)

 		if (Msg && dgst)
 			{
-			if (!rsa_printsig(err, out, rsa, dgst, Msg, Msglen))
+			if (!rsa_printsig(err, out, rsa, dgst, Msg, Msglen,
+								Saltlen))
 				goto error;
 			OPENSSL_free(Msg);
 			Msg = NULL;
@@ -301,11 +320,11 @@ int rsa_stest(BIO *err, BIO *out, BIO *in)
 	}

 static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
-		unsigned char *Msg, long Msglen)
+		unsigned char *Msg, long Msglen, int Saltlen)
 	{
 	int ret = 0;
 	unsigned char *sigbuf = NULL;
-	unsigned int i, siglen;
+	int i, siglen;
 	/* EVP_PKEY structure */
 	EVP_PKEY *key = NULL;
 	EVP_MD_CTX ctx;
@@ -322,12 +341,46 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,

 	EVP_MD_CTX_init(&ctx);

-	if (!EVP_SignInit_ex(&ctx, dgst, NULL))
-		goto error;
-	if (!EVP_SignUpdate(&ctx, Msg, Msglen))
-		goto error;
-	if (!EVP_SignFinal(&ctx, sigbuf, &siglen, key))
-		goto error;
+	if (Saltlen != -1)
+		{
+		unsigned int mdlen;
+		unsigned char mdtmp[EVP_MAX_MD_SIZE + 1];
+
+		if (!EVP_DigestInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+			goto error;
+		if (!EVP_DigestFinal(&ctx, mdtmp, &mdlen))
+			goto error;
+	
+		if (Saltlen == -2)
+			{
+			mdtmp[mdlen] = RSA_X931_hash_id(EVP_MD_type(dgst));
+			siglen = RSA_private_encrypt(mdlen + 1, mdtmp,
+					sigbuf, rsa, RSA_X931_PADDING);
+			if (siglen <= 0)
+				goto error;
+			}
+		else
+			{
+			if (!RSA_padding_add_PKCS1_PSS(rsa, sigbuf, mdtmp,
+							dgst, Saltlen))
+				goto error;
+			siglen = RSA_private_encrypt(siglen, sigbuf, sigbuf,
+						rsa, RSA_NO_PADDING);
+			if (siglen <= 0)
+				goto error;
+			}
+		}
+	else
+		{
+		if (!EVP_SignInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_SignUpdate(&ctx, Msg, Msglen))
+			goto error;
+		if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key))
+			goto error;
+		}

 	EVP_MD_CTX_cleanup(&ctx);

--- a/fips/rsa/fips_rsavtest.c
+++ b/fips/rsa/fips_rsavtest.c
@@ -75,18 +75,19 @@ int main(int argc, char *argv[])

 #else

-static int rsa_test(BIO *err, BIO *out, BIO *in);
+int rsa_test(BIO *err, BIO *out, BIO *in, int saltlen);
 static int rsa_printver(BIO *err, BIO *out,
 		BIGNUM *n, BIGNUM *e,
 		const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen,
-		unsigned char *S, long Slen);
+		unsigned char *S, long Slen, int Saltlen);

 int main(int argc, char **argv)
 	{
 	BIO *in = NULL, *out = NULL, *err = NULL;

 	int ret = 1;
+	int Saltlen = -1;
 	ERR_load_crypto_strings();

 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -103,6 +104,24 @@ int main(int argc, char **argv)
 		goto end;
 		}

+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			BIO_printf(err, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
 	if (argc == 1)
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	else
@@ -125,7 +144,7 @@ int main(int argc, char **argv)
 		goto end;
 		}

-	if (!rsa_test(err, out, in))
+	if (!rsa_test(err, out, in, Saltlen))
 		{
 		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
 		goto end;
@@ -151,7 +170,7 @@ int main(int argc, char **argv)

 #define RSA_TEST_MAXLINELEN	10240

-int rsa_test(BIO *err, BIO *out, BIO *in)
+int rsa_test(BIO *err, BIO *out, BIO *in, int Saltlen)
 	{
 	char *linebuf, *olinebuf, *p, *q;
 	char *keyword, *value;
@@ -267,7 +286,7 @@ int rsa_test(BIO *err, BIO *out, BIO *in)
 		if (n && e && Msg && S && dgst)
 			{
 			if (!rsa_printver(err, out, n, e, dgst,
-						Msg, Msglen, S, Slen))
+					Msg, Msglen, S, Slen, Saltlen))
 				goto error;
 			OPENSSL_free(Msg);
 			Msg = NULL;
@@ -306,13 +325,14 @@ static int rsa_printver(BIO *err, BIO *out,
 		BIGNUM *n, BIGNUM *e,
 		const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen,
-		unsigned char *S, long Slen)
+		unsigned char *S, long Slen, int Saltlen)
 	{
 	int ret = 0, r;
 	/* Setup RSA and EVP_PKEY structures */
 	RSA *rsa_pubkey = NULL;
 	EVP_PKEY *pubkey = NULL;
 	EVP_MD_CTX ctx;
+	unsigned char *buf = NULL;
 	rsa_pubkey = RSA_new();
 	pubkey = EVP_PKEY_new();
 	if (!rsa_pubkey || !pubkey)
@@ -326,18 +346,63 @@ static int rsa_printver(BIO *err, BIO *out,

 	EVP_MD_CTX_init(&ctx);

-	if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
-		goto error;
-	if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
-		goto error;
+	if (Saltlen != -1)
+		{
+		int pad;
+		unsigned char mdtmp[EVP_MAX_MD_SIZE];
+		buf = OPENSSL_malloc(RSA_size(rsa_pubkey));
+		if (Saltlen == -2)
+			pad = RSA_X931_PADDING;
+		else
+			pad = RSA_NO_PADDING;
+		if (!buf)
+			goto error;
+		r = RSA_public_decrypt(Slen, S, buf, rsa_pubkey, pad);

-	r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+		if (r > 0)
+			{
+			EVP_DigestInit_ex(&ctx, dgst, NULL);
+			if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+				goto error;
+			if (!EVP_DigestFinal_ex(&ctx, mdtmp, NULL))
+				goto error;
+			if (pad == RSA_X931_PADDING)
+				{
+				int mdlen = EVP_MD_size(dgst);
+				if (r != mdlen + 1)
+					r = 0;
+				else if (buf[mdlen] !=
+				    RSA_X931_hash_id(EVP_MD_type(dgst)))
+					r = 0;
+				else if (memcmp(buf, mdtmp, mdlen))
+					r = 0;
+				else
+					r = 1;
+				}
+			else
+				r = RSA_verify_PKCS1_PSS(rsa_pubkey,
+							mdtmp, dgst,
+							buf, Saltlen);
+			}
+		if (r < 0)
+			r = 0;
+		}
+	else
+		{
+
+		if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+			goto error;
+
+		r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+
+		}

 	EVP_MD_CTX_cleanup(&ctx);

 	if (r < 0)
 		goto error;
-
 	ERR_clear_error();

 	if (r == 0)
@@ -352,6 +417,8 @@ static int rsa_printver(BIO *err, BIO *out,
 		RSA_free(rsa_pubkey);
 	if (pubkey)
 		EVP_PKEY_free(pubkey);
+	if (buf)
+		OPENSSL_free(buf);

 	return ret;
 	}
--- a/fips/sha1/.cvsignore
+++ b/fips/sha1/.cvsignore
--- a/fips/sha1/Makefile
+++ b/fips/sha1/Makefile
@@ -1,8 +1,8 @@
 #
-# SSLeay/fips/sha1/Makefile
+# SSLeay/fips/sha/Makefile
 #

-DIR=	sha1
+DIR=	sha
 TOP=	../..
 CC=	cc
 INCLUDES=
@@ -19,8 +19,8 @@ EXE_EXT=
 CFLAGS= $(INCLUDES) $(CFLAG)

 GENERAL=Makefile
-TEST= fips_sha1test.c
-TESTDATA= sha1vectors.txt sha1hashes.txt
+TEST= fips_shatest.c
+TESTDATA= SHAmix.req SHAmix.fax
 APPS=
 EXE= fips_standalone_sha1$(EXE_EXT)

@@ -72,17 +72,33 @@ tags:

 tests:

-top_fips_sha1test:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_sha1test sub_target)
+Q=../testvectors/sha/req
+A=../testvectors/sha/rsp

-fips_sha1test: fips_sha1test.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_sha1test fips_sha1test.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_sha1test
+VECTORS = SHA1LongMsg \
+	SHA1Monte \
+	SHA1ShortMsg \
+	SHA224LongMsg \
+	SHA224Monte \
+	SHA224ShortMsg \
+	SHA256LongMsg \
+	SHA256Monte \
+	SHA256ShortMsg \
+	SHA384LongMsg \
+	SHA384Monte \
+	SHA384ShortMsg \
+	SHA512LongMsg \
+	SHA512Monte \
+	SHA512ShortMsg

-fips_test: top_fips_sha1test
-	-rm -rf ../testvectors/sha1/rsp
-	mkdir ../testvectors/sha1/rsp
-	./fips_sha1test ../testvectors/sha1/req/sha.req  > ../testvectors/sha1/rsp/sha.rsp
+fips_test:
+	-rm -rf $(A)
+	mkdir $(A)
+	for file in $(VECTORS); do \
+	    if [ -f $(Q)/$$file.req ]; then \
+		$(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+	    fi; \
+	done

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -116,15 +132,6 @@ fips_sha1dgst.o: ../../include/openssl/opensslv.h
 fips_sha1dgst.o: ../../include/openssl/safestack.h
 fips_sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 fips_sha1dgst.o: fips_sha1dgst.c
-fips_sha1test.o: ../../e_os.h ../../include/openssl/bio.h
-fips_sha1test.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_sha1test.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_sha1test.o: ../../include/openssl/fips_sha.h ../../include/openssl/lhash.h
-fips_sha1test.o: ../../include/openssl/opensslconf.h
-fips_sha1test.o: ../../include/openssl/opensslv.h
-fips_sha1test.o: ../../include/openssl/safestack.h
-fips_sha1test.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
 fips_sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 fips_sha256.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
 fips_sha256.o: ../../include/openssl/opensslconf.h
@@ -138,6 +145,29 @@ fips_sha512.o: ../../include/openssl/opensslconf.h
 fips_sha512.o: ../../include/openssl/opensslv.h
 fips_sha512.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 fips_sha512.o: ../../include/openssl/symhacks.h fips_sha512.c
+fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_shatest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_shatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_shatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_shatest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_shatest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_shatest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_shatest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_shatest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_shatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_shatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_shatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_shatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_shatest.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
 fips_standalone_sha1.o: ../../include/openssl/aes.h
 fips_standalone_sha1.o: ../../include/openssl/asn1.h
 fips_standalone_sha1.o: ../../include/openssl/bio.h
--- a/fips/sha/SHAmix.fax
+++ b/fips/sha/SHAmix.fax
--- a/fips/sha/SHAmix.req
+++ b/fips/sha/SHAmix.req
--- a/fips/sha1/asm/fips-sx86-elf.s
+++ b/fips/sha1/asm/fips-sx86-elf.s
--- a/fips/sha1/fips_md32_common.h
+++ b/fips/sha1/fips_md32_common.h
--- a/fips/sha1/fips_sha.h
+++ b/fips/sha1/fips_sha.h
--- a/fips/sha1/fips_sha1_selftest.c
+++ b/fips/sha1/fips_sha1_selftest.c
--- a/fips/sha1/fips_sha1dgst.c
+++ b/fips/sha1/fips_sha1dgst.c
--- a/fips/sha1/fips_sha256.c
+++ b/fips/sha1/fips_sha256.c
@@ -15,6 +15,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>

+#ifdef OPENSSL_FIPS
+
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;

 int SHA224_Init (SHA256_CTX *c)
@@ -317,4 +319,7 @@ void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 {   sha256_block (ctx,in,num,0);   }

+#endif
+
 #endif /* OPENSSL_NO_SHA256 */
+
--- a/fips/sha1/fips_sha512.c
+++ b/fips/sha1/fips_sha512.c
@@ -49,6 +49,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>

+#ifdef OPENSSL_FIPS
+
 const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;

 #if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
@@ -479,4 +481,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)

 #endif /* SHA512_ASM */

+#endif
+
 #endif /* OPENSSL_NO_SHA512 */
+
--- a/fips/sha1/fips_sha_locl.h
+++ b/fips/sha1/fips_sha_locl.h
--- a/fips/sha/fips_shatest.c
+++ b/fips/sha/fips_shatest.c
@@ -0,0 +1,399 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS SHAXXX support\n");
+    return(0);
+}
+
+#else
+
+static int dgst_test(BIO *err, BIO *out, BIO *in);
+static int print_dgst(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Msg, int Msglen);
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *err = NULL;
+
+	int ret = 1;
+
+	ERR_load_crypto_strings();
+
+	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!err)
+		{
+		fprintf(stderr, "FATAL stderr initialization error\n");
+		goto end;
+		}
+
+	if(!FIPS_mode_set(1,argv[0]))
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (argc == 1)
+		in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	else
+		in = BIO_new_file(argv[1], "r");
+
+	if (argc < 2)
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	else
+		out = BIO_new_file(argv[2], "w");
+
+	if (!in)
+		{
+		BIO_printf(err, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!dgst_test(err, out, in))
+		{
+		fprintf(stderr, "FATAL digest file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret && err)
+		ERR_print_errors(err);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (err)
+		BIO_free(err);
+
+	return ret;
+
+	}
+
+#define SHA_TEST_MAX_BITS	102400
+#define SHA_TEST_MAXLINELEN	(((SHA_TEST_MAX_BITS >> 3) * 2) + 10)
+
+int dgst_test(BIO *err, BIO *out, BIO *in)
+	{
+	const EVP_MD *md = NULL;
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char *Msg = NULL, *Seed = NULL;
+	long MsgLen = -1, Len = -1, SeedLen = -1;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+
+	while (BIO_gets(in, olinebuf, SHA_TEST_MAXLINELEN) > 0)
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			if (!BIO_puts(out, olinebuf))
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword,"[L") && *p==']')
+			{
+			switch (atoi(value))
+				{
+				case 20: md=EVP_sha1();   break;
+				case 28: md=EVP_sha224(); break;
+				case 32: md=EVP_sha256(); break;
+				case 48: md=EVP_sha384(); break;
+				case 64: md=EVP_sha512(); break;
+				default: goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Len"))
+			{
+			if (Len != -1)
+				goto parse_error;
+			Len = atoi(value);
+			if (Len < 0)
+				goto parse_error;
+			/* Only handle multiples of 8 bits */
+			if (Len & 0x7)
+				goto parse_error;
+			if (Len > SHA_TEST_MAX_BITS)
+				goto parse_error;
+			MsgLen = Len >> 3;
+			}
+
+		else if (!strcmp(keyword, "Msg"))
+			{
+			long tmplen;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Msg)
+				goto parse_error;
+			Msg = string_to_hex(value, &tmplen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Seed"))
+			{
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Seed)
+				goto parse_error;
+			Seed = string_to_hex(value, &SeedLen);
+			if (!Seed)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "MD"))
+			continue;
+		else
+			goto parse_error;
+
+		BIO_puts(out, olinebuf);
+
+		if (md && Msg && (MsgLen >= 0))
+			{
+			if (!print_dgst(err, md, out, Msg, MsgLen))
+				goto error;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			MsgLen = -1;
+			Len = -1;
+			}
+		else if (md && Seed && (SeedLen > 0))
+			{
+			if (!print_monte(err, md, out, Seed, SeedLen))
+				goto error;
+			OPENSSL_free(Seed);
+			Seed = NULL;
+			SeedLen = -1;
+			}
+	
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Msg)
+		OPENSSL_free(Msg);
+	if (Seed)
+		OPENSSL_free(Seed);
+
+	return ret;
+
+	parse_error:
+
+	BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_dgst(BIO *err, const EVP_MD *emd, BIO *out,
+		unsigned char *Msg, int Msglen)
+	{
+	int i, mdlen;
+	unsigned char md[EVP_MAX_MD_SIZE];
+	if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+		{
+		BIO_puts(err, "Error calculating HASH\n");
+		return 0;
+		}
+	BIO_puts(out, "MD = ");
+	for (i = 0; i < mdlen; i++)
+		BIO_printf(out, "%02x", md[i]);
+	BIO_puts(out, "\n");
+	return 1;
+	}
+
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Seed, int SeedLen)
+	{
+	unsigned int i, j, k;
+	int ret = 0;
+	EVP_MD_CTX ctx;
+	unsigned char *m1, *m2, *m3, *p;
+	unsigned int mlen, m1len, m2len, m3len;
+
+	EVP_MD_CTX_init(&ctx);
+
+	if (SeedLen > EVP_MAX_MD_SIZE)
+		mlen = SeedLen;
+	else
+		mlen = EVP_MAX_MD_SIZE;
+
+	m1 = OPENSSL_malloc(mlen);
+	m2 = OPENSSL_malloc(mlen);
+	m3 = OPENSSL_malloc(mlen);
+
+	if (!m1 || !m2 || !m3)
+		goto mc_error;
+
+	m1len = m2len = m3len = SeedLen;
+	memcpy(m1, Seed, SeedLen);
+	memcpy(m2, Seed, SeedLen);
+	memcpy(m3, Seed, SeedLen);
+
+	BIO_puts(out, "\n");
+
+	for (j = 0; j < 100; j++)
+		{
+		for (i = 0; i < 1000; i++)
+			{
+			EVP_DigestInit_ex(&ctx, md, NULL);
+			EVP_DigestUpdate(&ctx, m1, m1len);
+			EVP_DigestUpdate(&ctx, m2, m2len);
+			EVP_DigestUpdate(&ctx, m3, m3len);
+			p = m1;
+			m1 = m2;
+			m1len = m2len;
+			m2 = m3;
+			m2len = m3len;
+			m3 = p;
+			EVP_DigestFinal_ex(&ctx, m3, &m3len);
+			}
+		BIO_printf(out, "COUNT = %d\n", j);
+		BIO_puts(out, "MD = ");
+		for (k = 0; k < m3len; k++)
+			BIO_printf(out, "%02x", m3[k]);
+		BIO_puts(out, "\n\n");
+		memcpy(m1, m3, m3len);
+		memcpy(m2, m3, m3len);
+		m1len = m2len = m3len;
+		}
+
+	ret = 1;
+
+	mc_error:
+	if (m1)
+		OPENSSL_free(m1);
+	if (m2)
+		OPENSSL_free(m2);
+	if (m3)
+		OPENSSL_free(m3);
+
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
+	}
+
+#endif
--- a/fips/sha1/fips_standalone_sha1.c
+++ b/fips/sha1/fips_standalone_sha1.c
@@ -104,7 +104,7 @@ int main(int argc,char **argv)
    {
 #ifdef OPENSSL_FIPS
    static char key[]="etaonrishdlcupfm";
-    int n;
+    int n,binary=0;

    if(argc < 2)
 	{
@@ -112,7 +112,14 @@ int main(int argc,char **argv)
 	exit(1);
 	}

-    for(n=1 ; n < argc ; ++n)
+    n=1;
+    if (!strcmp(argv[n],"-binary"))
+	{
+	n++;
+	binary=1;	/* emit binary fingerprint... */
+	}
+
+    for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
 	SHA_CTX md_ctx,o_ctx;
@@ -145,6 +152,12 @@ int main(int argc,char **argv)
 	    }
 	hmac_final(md,&md_ctx,&o_ctx);

+	if (binary)
+	    {
+	    fwrite(md,20,1,stdout);
+	    break;	/* ... for single(!) file */
+	    }
+
 	printf("HMAC-SHA1(%s)= ",argv[n]);
 	for(i=0 ; i < 20 ; ++i)
 	    printf("%02x",md[i]);
--- a/fips/sha1/fips_sha1test.c
+++ b/fips/sha1/fips_sha1test.c
@@ -1,151 +0,0 @@
-#include <stdio.h>
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/fips_sha.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
-{
-    printf("No FIPS SHA1 support\n");
-    return(0);
-}
-#else
-
-#define MAX_TEST_BITS 103432
-
-static void dump(const unsigned char *b,int n)
-    {
-    while(n-- > 0)
-	printf("%02X",*b++);
-    }
-
-static void bitfill(unsigned char *buf,int bit,int b,int n)
-    {
-    for( ; n > 0 ; --n,++bit)
-	{
-	assert(bit < MAX_TEST_BITS);
-	buf[bit/8]|=b << (7-bit%8);
-	}
-    }
-
-void montecarlo(unsigned char *seed,int n)
-    {
-    int i,j;
-    unsigned char m[10240];
-
-    memcpy(m,seed,n);
-    for(j=0 ; j < 100 ; ++j)
-	{
-	for(i=1 ; i <= 50000 ; ++i)
-	    {
-	    memset(m+n,'\0',j/4+3);
-	    n+=j/4+3;
-	    m[n++]=i >> 24;
-	    m[n++]=i >> 16;
-	    m[n++]=i >> 8;
-	    m[n++]=i;
-/*  	    putchar(' '); */
-/*  	    dump(m,bit/8); */
-/*  	    putchar('\n'); */
-	    SHA1(m,n,m);
-	    n=20;
-	    }
-	dump(m,20);
-	puts(" ^");
-	}
-    }
-
-int main(int argc,char **argv)
-    {
-    FILE *fp;
-    int phase;
-
-    if(argc != 2)
-	{
-	fprintf(stderr,"%s <test vector file>\n",argv[0]);
-	EXIT(1);
-	}
-
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_load_crypto_strings();
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	EXIT(1);
-	}
-    fp=fopen(argv[1],"r");
-    if(!fp)
-	{
-	perror(argv[1]);
-	EXIT(2);
-	}
-
-    for(phase=0 ; ; )
-	{
-	unsigned char buf[MAX_TEST_BITS/8];
-	unsigned char md[20];
-	char line[10240];
-	int n,t,b,bit;
-	char *p;
-
-	fgets(line,1024,fp);
-	if(feof(fp))
-	    break;
-	n=strlen(line);
-	line[n-1]='\0';
-	if(!strcmp(line,"D>"))
-	    ++phase;
-
-	if(!isdigit(line[0]))
-	    {
-	    puts(line);
-	    continue;
-	    }
-	for( ; ; )
-	    {
-	    assert(n > 1);
-	    if(line[n-2] == '^')
-		break;
-	    fgets(line+n-1,sizeof(line)-n+1,fp);
-	    n=strlen(line);
-	    /*	    printf("line=%s\n",line); */
-	    assert(!feof(fp));
-	    }
-
-	p=strtok(line," ");
-	t=atoi(p);
-	p=strtok(NULL," ");
-	b=atoi(p);
-	memset(buf,'\0',sizeof buf);
-	for(bit=0,p=strtok(NULL," ") ; p && *p != '^' ; p=strtok(NULL," "))
-	    {
-	    assert(t-- > 0);
-	    bitfill(buf,bit,b,atoi(p));
-	    bit+=atoi(p);
-	    b=1-b;
-	    }
-	assert(t == 0);
-	assert((bit%8) == 0);
-	/*	dump(buf,bit/8); */
-	/*	putchar('\n'); */
-	if(phase < 3)
-	    {
-	    SHA1(buf,bit/8,md);
-	    dump(md,20);
-	    puts(" ^");
-	    }
-	else
-	    montecarlo(buf,bit/8);
-	}
-    EXIT(0);
-    return(0);
-    }
-#endif
--- a/fips/sha1/sha1hashes.txt
+++ b/fips/sha1/sha1hashes.txt
@@ -1,342 +0,0 @@
-#  Configuration information for "SHA-1 Test"
-#  SHA tests are configured for BYTE oriented implementations
-H>SHS Type 1 Hashes<H
-D>
-DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 ^
-3CDF2936DA2FC556BFA533AB1EB59CE710AC80E5 ^
-19C1E2048FA7393CFBF2D310AD8209EC11D996E5 ^
-CA775D8C80FAA6F87FA62BECA6CA6089D63B56E5 ^
-71AC973D0E4B50AE9E5043FF4D615381120A25A0 ^
-A6B5B9F854CFB76701C3BDDBF374B3094EA49CBA ^
-D87A0EE74E4B9AD72E6847C87BDEEB3D07844380 ^
-1976B8DD509FE66BF09C9A8D33534D4EF4F63BFD ^
-5A78F439B6DB845BB8A558E4CEB106CD7B7FF783 ^
-F871BCE62436C1E280357416695EE2EF9B83695C ^
-62B243D1B780E1D31CF1BA2DE3F01C72AEEA0E47 ^
-1698994A273404848E56E7FDA4457B5900DE1342 ^
-056F4CDC02791DA7ED1EB2303314F7667518DEEF ^
-9FE2DA967BD8441EEA1C32DF68DDAA9DC1FC8E4B ^
-73A31777B4ACE9384EFA8BBEAD45C51A71ABA6DD ^
-3F9D7C4E2384EDDABFF5DD8A31E23DE3D03F42AC ^
-4814908F72B93FFD011135BEE347DE9A08DA838F ^
-0978374B67A412A3102C5AA0B10E1A6596FC68EB ^
-44AD6CB618BD935460D46D3F921D87B99AB91C1E ^
-02DC989AF265B09CF8485640842128DCF95E9F39 ^
-67507B8D497B35D6E99FC01976D73F54AECA75CF ^
-1EAE0373C1317CB60C36A42A867B716039D441F5 ^
-9C3834589E5BFFAC9F50950E0199B3EC2620BEC8 ^
-209F7ABC7F3B878EE46CDF3A1FBB9C21C3474F32 ^
-05FC054B00D97753A9B3E2DA8FBBA3EE808CEF22 ^
-0C4980EA3A46C757DFBFC5BAA38AC6C8E72DDCE7 ^
-96A460D2972D276928B69864445BEA353BDCFFD2 ^
-F3EF04D8FA8C6FA9850F394A4554C080956FA64B ^
-F2A31D875D1D7B30874D416C4D2EA6BAF0FFBAFE ^
-F4942D3B9E9588DCFDC6312A84DF75D05F111C20 ^
-310207DF35B014E4676D30806FA34424813734DD ^
-4DA1955B2FA7C7E74E3F47D7360CE530BBF57CA3 ^
-74C4BC5B26FB4A08602D40CCEC6C6161B6C11478 ^
-0B103CE297338DFC7395F7715EE47539B556DDB6 ^
-EFC72D99E3D2311CE14190C0B726BDC68F4B0821 ^
-660EDAC0A8F4CE33DA0D8DBAE597650E97687250 ^
-FE0A55A988B3B93946A63EB36B23785A5E6EFC3E ^
-0CBDF2A5781C59F907513147A0DE3CC774B54BF3 ^
-663E40FEE5A44BFCB1C99EA5935A6B5BC9F583B0 ^
-00162134256952DD9AE6B51EFB159B35C3C138C7 ^
-CEB88E4736E354416E2010FC1061B3B53B81664B ^
-A6A2C4B6BCC41DDC67278F3DF4D8D0B9DD7784EF ^
-C23D083CD8820B57800A869F5F261D45E02DC55D ^
-E8AC31927B78DDEC41A31CA7A44EB7177165E7AB ^
-E864EC5DBAB0F9FF6984AB6AD43A8C9B81CC9F9C ^
-CFED6269069417A84D6DE2347220F4B858BCD530 ^
-D9217BFB46C96348722C3783D29D4B1A3FEDA38C ^
-DEC24E5554F79697218D317315FA986229CE3350 ^
-83A099DF7071437BA5495A5B0BFBFEFE1C0EF7F3 ^
-AA3198E30891A83E33CE3BFA0587D86A197D4F80 ^
-9B6ACBEB4989CBEE7015C7D515A75672FFDE3442 ^
-B021EB08A436B02658EAA7BA3C88D49F1219C035 ^
-CAE36DAB8AEA29F62E0855D9CB3CD8E7D39094B1 ^
-02DE8BA699F3C1B0CB5AD89A01F2346E630459D7 ^
-88021458847DD39B4495368F7254941859FAD44B ^
-91A165295C666FE85C2ADBC5A10329DAF0CB81A0 ^
-4B31312EAF8B506811151A9DBD162961F7548C4B ^
-3FE70971B20558F7E9BAC303ED2BC14BDE659A62 ^
-93FB769D5BF49D6C563685954E2AECC024DC02D6 ^
-BC8827C3E614D515E83DEA503989DEA4FDA6EA13 ^
-E83868DBE4A389AB48E61CFC4ED894F32AE112AC ^
-55C95459CDE4B33791B4B2BCAAF840930AF3F3BD ^
-36BB0E2BA438A3E03214D9ED2B28A4D5C578FCAA ^
-3ACBF874199763EBA20F3789DFC59572ACA4CF33 ^
-86BE037C4D509C9202020767D860DAB039CADACE ^
-51B57D7080A87394EEC3EB2E0B242E553F2827C9 ^
-1EFBFA78866315CE6A71E457F3A750A38FACAB41 ^
-57D6CB41AEEC20236F365B3A490C61D0CFA39611 ^
-C532CB64B4BA826372BCCF2B4B5793D5B88BB715 ^
-15833B5631032663E783686A209C6A2B47A1080E ^
-D04F2043C96E10CD83B574B1E1C217052CD4A6B2 ^
-E8882627C64DB743F7DB8B4413DD033FC63BEB20 ^
-CD2D32286B8867BC124A0AF2236FC74BE3622199 ^
-019B70D745375091ED5C7B218445EC986D0F5A82 ^
-E5FF5FEC1DADBAED02BF2DAD4026BE6A96B3F2AF ^
-6F4E23B3F2E2C068D13921FE4E5E053FFED4E146 ^
-25E179602A575C915067566FBA6DA930E97F8678 ^
-67DED0E68E235C8A523E051E86108EEB757EFBFD ^
-AF78536EA83C822796745556D62A3EE82C7BE098 ^
-64D7AC52E47834BE72455F6C64325F9C358B610D ^
-9D4866BAA3639C13E541F250FFA3D8BC157A491F ^
-2E258811961D3EB876F30E7019241A01F9517BEC ^
-8E0EBC487146F83BC9077A1630E0FB3AB3C89E63 ^
-CE8953741FFF3425D2311FBBF4AB481B669DEF70 ^
-789D1D2DAB52086BD90C0E137E2515ED9C6B59B5 ^
-B76CE7472700DD68D6328B7AA8437FB051D15745 ^
-F218669B596C5FFB0B1C14BD03C467FC873230A0 ^
-1FF3BDBE0D504CB0CDFAB17E6C37ABA6B3CFFDED ^
-2F3CBACBB14405A4652ED52793C1814FD8C4FCE0 ^
-982C8AB6CE164F481915AF59AAED9FFF2A391752 ^
-5CD92012D488A07ECE0E47901D0E083B6BD93E3F ^
-69603FEC02920851D4B3B8782E07B92BB2963009 ^
-3E90F76437B1EA44CF98A08D83EA24CECF6E6191 ^
-34C09F107C42D990EB4881D4BF2DDDCAB01563AE ^
-474BE0E5892EB2382109BFC5E3C8249A9283B03D ^
-A04B4F75051786682483252438F6A75BF4705EC6 ^
-BE88A6716083EB50ED9416719D6A247661299383 ^
-C67E38717FEE1A5F65EC6C7C7C42AFC00CD37F04 ^
-959AC4082388E19E9BE5DE571C047EF10C174A8D ^
-BAA7AA7B7753FA0ABDC4A541842B5D238D949F0A ^
-351394DCEBC08155D100FCD488578E6AE71D0E9C ^
-AB8BE94C5AF60D9477EF1252D604E58E27B2A9EE ^
-3429EC74A695FDD3228F152564952308AFE0680A ^
-907FA46C029BC67EAA8E4F46E3C2A232F85BD122 ^
-2644C87D1FBBBC0FC8D65F64BCA2492DA15BAAE4 ^
-110A3EEB408756E2E81ABAF4C5DCD4D4C6AFCF6D ^
-CD4FDC35FAC7E1ADB5DE40F47F256EF74D584959 ^
-8E6E273208AC256F9ECCF296F3F5A37BC8A0F9F7 ^
-FE0606100BDBC268DB39B503E0FDFE3766185828 ^
-6C63C3E58047BCDB35A17F74EEBA4E9B14420809 ^
-BCC2BD305F0BCDA8CF2D478EF9FE080486CB265F ^
-CE5223FD3DD920A3B666481D5625B16457DCB5E8 ^
-948886776E42E4F5FAE1B2D0C906AC3759E3F8B0 ^
-4C12A51FCFE242F832E3D7329304B11B75161EFB ^
-C54BDD2050504D92F551D378AD5FC72C9ED03932 ^
-8F53E8FA79EA09FD1B682AF5ED1515ECA965604C ^
-2D7E17F6294524CE78B33EAB72CDD08E5FF6E313 ^
-64582B4B57F782C9302BFE7D07F74AA176627A3A ^
-6D88795B71D3E386BBD1EB830FB9F161BA98869F ^
-86AD34A6463F12CEE6DE9596ABA72F0DF1397FD1 ^
-7EB46685A57C0D466152DC339C8122548C757ED1 ^
-E7A98FB0692684054407CC221ABC60C199D6F52A ^
-34DF1306662206FD0A5FC2969A4BEEC4EB0197F7 ^
-56CF7EBF08D10F0CB9FE7EE3B63A5C3A02BCB450 ^
-3BAE5CB8226642088DA760A6F78B0CF8EDDEA9F1 ^
-6475DF681E061FA506672C27CBABFA9AA6DDFF62 ^
-79D81991FA4E4957C8062753439DBFD47BBB277D ^
-BAE224477B20302E881F5249F52EC6C34DA8ECEF ^
-EDE4DEB4293CFE4138C2C056B7C46FF821CC0ACC ^
-<D
-
-H>SHS Type 2 Hashes<H
-D>
-A771FA5C812BD0C9596D869EC99E4F4AC988B13F ^
-E99D566212BBBCEEE903946F6100C9C96039A8F4 ^
-B48CE6B1D13903E3925AE0C88CB931388C013F9C ^
-E647D5BAF670D4BF3AFC0A6B72A2424B0C64F194 ^
-65C1CD932A06B05CD0B43AFB3BC7891F6BCEF45C ^
-70FFAE353A5CD0F8A65A8B2746D0F16281B25EC7 ^
-CC8221F2B829B8CF39646BF46888317C3EB378EA ^
-26ACCC2D6D51FF7BF3E5895588907765111BB69B ^
-01072915B8E868D9B28E759CF2BC1AEA4BB92165 ^
-3016115711D74236ADF0C371E47992F87A428598 ^
-BF30417999C1368F008C1F19FECA4D18A5E1C3C9 ^
-62BA49087185F2742C26E1C1F4844112178BF673 ^
-E1F6B9536F384DD3098285BBFD495A474140DC5A ^
-B522DAE1D67726EBA7C4136D4E2F6D6D645AC43E ^
-E9A021C3EB0B9F2C710554D4BF21B19F78E09478 ^
-DF13573188F3BF705E697A3E1F580145F2183377 ^
-188835CFE52ECFA0C4135C2825F245DC29973970 ^
-41B615A34EE2CEC9D84A91B141CFAB115821950B ^
-AB3DD6221D2AFE6613B815DA1C389EEC74AA0337 ^
-0706D414B4AA7FB4A9051AA70D6856A7264054FB ^
-3CBF8151F3A00B1D5A809CBB8C4F3135055A6BD1 ^
-DA5D6A0319272BBCCEA63ACFA6799756FFDA6840 ^
-FB4429C95F6277B346D3B389413758DFFFEEDC98 ^
-2C6E30D9C895B42DCCCFC84C906EC88C09B20DE1 ^
-3DE3189A5E19F225CDCE254DFF23DACD22C61363 ^
-93530A9BC9A817F6922518A73A1505C411D05DA2 ^
-E31354345F832D31E05C1B842D405D4BD4588EC8 ^
-3FF76957E80B60CF74D015AD431FCA147B3AF232 ^
-34AE3B806BE143A84DCE82E4B830EB7D3D2BAC69 ^
-D7447E53D66BB5E4C26E8B41F83EFD107BF4ADDA ^
-77DD2A4482705BC2E9DC96EC0A13395771AC850C ^
-EAA1465DB1F59DE3F25EB8629602B568E693BB57 ^
-9329D5B40E0DC43AA25FED69A0FA9C211A948411 ^
-E94C0B6AA62AA08C625FAF817DDF8F51EC645273 ^
-7FF02B909D82AD668E31E547E0FB66CB8E213771 ^
-5BB3570858FA1744123BAC2873B0BB9810F53FA1 ^
-905F43940B3591CE39D1145ACB1ECA80AB5E43CD ^
-336C79FBD82F33E490C577E3F791C3CBFE842AFF ^
-5C6D07A6B44F7A75A64F6CE592F3BAE91E022210 ^
-7E0D3E9D33127F4A30EB8D9C134A58409FA8695B ^
-9A5F50DFCFB19286206C229019F0ABF25283028C ^
-DCA737E269F9D8626D488988C996E06B352C0708 ^
-B8FFC1D4972FCE63241E0E77850AC46DDE75DBFA ^
-E9C9BF41C8549354151B977003CE1D830BE667DB ^
-0942908960B54F96CB43452E583F4F9CB66E398A ^
-FCE34051C34D4B81B85DDC4B543CDE8007E284B3 ^
-61E8916532503627F4024D13884640A46F1D61D4 ^
-F008D5D7853B6A17B7466CD9E18BD135E520FAF4 ^
-BD8D2E873CF659B5C77AAC1616827EF8A3B1A3B3 ^
-B25A04DD425302ED211A1C2412D2410FA10C63B6 ^
-A404E21588123E0893718B4B44E91414A785B91F ^
-A1E13BC55BF6DAD83CF3AABDA3287AD68681EA64 ^
-D5FD35FFABED6733C92365929DF0FB4CAE864D15 ^
-C12E9C280EE9C079E0506FF89F9B20536E0A83EF ^
-E22769DC00748A9BBD6C05BBC8E81F2CD1DC4E2D ^
-F29835A93475740E888E8C14318F3CA45A3C8606 ^
-1A1D77C6D0F97C4B620FAA90F3F8644408E4B13D ^
-4EC84870E9BDD25F523C6DFB6EDD605052CA4EAA ^
-D689513FED08B80C39B67371959BC4E3FECB0537 ^
-C4FED58F209FC3C34AD19F86A6DACADC86C04D33 ^
-051888C6D00029C176DE792B84DECE2DC1C74B00 ^
-1A3540BEE05518505827954F58B751C475AEECE0 ^
-DFA19180359D5A7A38E842F172359CAF4208FC05 ^
-7B0FA84EBBCFF7D7F4500F73D79660C4A3431B67 ^
-9E886081C9ACAAD0F97B10810D1DE6FCDCE6B5F4 ^
-A4D46E4BA0AE4B012F75B1B50D0534D578AE9CB6 ^
-6342B199EE64C7B2C9CBCD4F2DCB65ACEF51516F ^
-AABFD63688EB678357869130083E1B52F6EA861D ^
-F732B7372DAF44801F81EFFE3108726239837936 ^
-5E9347FE4574CDCB80281ED092191199BADD7B42 ^
-D5776B7DFFF75C1358ABDBBB3F27A20BB6CA7C55 ^
-022B7ADA472FB7A9DA9219621C9C5F563D3792F6 ^
-7F1DE4ECA20362DA624653D225A5B3F7964A9FF2 ^
-CA0F2B1BFB4469C11ED006A994734F0F2F5EFD17 ^
-833D63F5C2EA0CD43EC15F2B9DD97FF12B030479 ^
-14FD356190416C00592B86FF7CA50B622F85593A ^
-4AB6B57EDDEF1CE935622F935C1619AE7C1667D6 ^
-B456A6A968ACD66CAA974F96A9A916E700AA3C5D ^
-FD1C257FE046B2A27E2F0CD55ED2DECA845F01D7 ^
-66E0D01780F1063E2929EAAD74826BC64060E38C ^
-A8478DF406F179FD4EF97F4574D7F99EA1CE9EB8 ^
-248E58CF09A372114FC2F93B09C5FC14F3D0059E ^
-F15767DE91796A6816977EFA4FCED4B7FD9B8A57 ^
-36A6BC5E680E15675D9696338C88B36248BBBAF4 ^
-4DEA6251B2A6DF017A8093AB066EE3863A4EC369 ^
-D30E70E357D57E3D82CA554B8A3D58DFF528FA94 ^
-70CA84D827F7FD61446233F88CF2F990B0F3E2AA ^
-8D500C9CFDE0288530A2106B70BED39326C52C3C ^
-F3D4D139EDFC24596377BC97A96FB7621F27FFC7 ^
-5509BAFFAC6D507860CEFC5AB5832CB63CD4B687 ^
-0C0AEA0C2FD7A620C77866B1A177481E26B4F592 ^
-149176007FEE58A591E3F00F8DB658B605F8390C ^
-17C0D7B0256159F3626786FFDB20237AE154FA84 ^
-741A58618ABEB1D983D67AFDCBC49AA397A3B8E0 ^
-B738D6B3409EB9ED2F1719B84D13F7C36169CDEC ^
-3D33DE31F64055D3B128AC9A6AA3F92DFD4F5330 ^
-B6925F4DF94949B8844C867428BA3DEDF4CF2B51 ^
-CF5E7256292ABEC431D8E8B9CBEAF22AF072377E ^
-975DCE94902923977F129C0E4ACF40AD28DDB9AA ^
-333B0259B18CE64D6B52CF563DD3041E5F63A516 ^
-<D
-
-H>SHS Type 3 Hashes<H
-D>
-80E044703A880C20EC41F645120A8A5B5D194ECE ^
-E142829CA08FC9787F17AA16CE727396169B2713 ^
-6A2BAF62469D311F9257A0727F52C7EAA87CCEB4 ^
-362E3E7136CA611D7FBF687D3BBDC54CDA64843F ^
-F5900ADC6223A5D24A7526ABFC60FA8E2D59A5AB ^
-AD0CAC6A21D5B10833DDE7FA85927D74EDA142A9 ^
-47AD337EAFFDC177AAF7CBD035BE6F398B9D0536 ^
-9CF58595DF80872535BCC7C056E223546F0BB4EE ^
-7151CEB1918278CED2902B1D663D596F8D1B986F ^
-ADDC9F09AA4026EF6C4B7F1A84D3A13B4CDC65B3 ^
-921FE78A863A317B1FA1FB3CA3BE1948DE7EF754 ^
-64BE10732D71D52CE8A486DA23E6B453DF7C6FBD ^
-4A450659470DD759ABFAE1D73972A6D2E63AC16C ^
-0D665E4BBF30B7EAB955BDE84759E185EECAB4CB ^
-0C1B8EE94D61CDD0837EAED9FE33DE4A8334B596 ^
-D93BFE2A6227A4BF9B7C61EBCE4A8CDE131593FE ^
-BDA883F804B470C90BD6AC490DFC34EBC27F9648 ^
-46A0969373552213632591C52030C38E5DBDC49E ^
-4781289E48B910C550DC23CA7D3AF5324C03532D ^
-693A34CFCDDED0F3AC72E7197FCE9BB66A8E3981 ^
-AE088AF1D8865140963B3ABFB63E32E04CD1506F ^
-ADF0F8F1D85CA97586F5DC6DC5FD11FA39270F55 ^
-E484F5AD86C5F4D09E366ADF6E0DE73449F97B28 ^
-81C49842BA3D7072FB42288E03CE737A2672C091 ^
-F6CC71AD897C23A16835490DED289BFD45500AB0 ^
-23E71AED62FE8E28F34F58E7FE5594EC5EB0486C ^
-92BA7934AA5867EE52960F4E0EDFB90AA7B69305 ^
-C3D1CC8CBD1B6FFEE0D90CE962CD9C09AB1548AA ^
-3CE37A583B71A6A77BE325066A0F00C5D11DFC3E ^
-76EF5D236E1042D356A3234A422C092F86003064 ^
-8C3F703436C6C882E60263540A8E4C3E5646DC15 ^
-6138F9F3AB43B988DD3857422CCB304352459F40 ^
-B812DE98775B4690B4FC2ECFCAB61C73C7271DC7 ^
-06660985CD80D48E7B9F88455B4233924C3B64BB ^
-76AB4B6378D6F63499A94EB67EB1CB31AFF8D775 ^
-F31F6B0BE7AB059A1F59A46481967E88392979E6 ^
-0C1638498FBB7DB9600B98B4B22EF85E0FE245FB ^
-5607C6AF600939736795AC523FA43B736F41A118 ^
-8A03244866BDD21B9D8A82E98436C894FAD86ECC ^
-8A75BFD911AF87303B9B8FB7A1A47CCA52D3D98A ^
-16F0F3B5D37411236A1E3D6B1EDAB74CDA25ED4B ^
-AC72BF45477481F58A302628DC5299FFA32E7C9F ^
-74CFFD5881F75AC20726E1447DCF7F47024380EF ^
-5BFBECEECBC27DA05729C4D1AC8C1286EA6DCEC9 ^
-012AACBC0579FA4CB4F107E9A9AD1A86AD2F6A4D ^
-F7D552CBC5EF90F1A579388B5A8A9EC71EB67681 ^
-10C70115C4C34753274BFED477DF01440A67A361 ^
-078D2FACD293B6B6219D89899C16AA1AA8E3DE82 ^
-83C6BF9FB0D3091ADF374EBFA0A69916F17E6D26 ^
-2CDB1924DA62AB64C007C6505FF657E4ADDEA9C1 ^
-E95D209BCB9864B076FF4DFCA8F8BD75D62D1B48 ^
-632824CF5025F8F90AD2923BDDF449550D64C0F5 ^
-02B1C0B41FC27EC5A32E586F1AC480BF0061E56A ^
-28156BC6769AE390BF32C6512C46169181E1536D ^
-F730E6E287D992E7F3E013B6F1E088F0B9C41598 ^
-B056A6A832FA5FE964EF77FF3E0BE1C32E0D58C0 ^
-D5B3D19AFBB48FB56BA6D44A82DE6BD08DB208DE ^
-0215AD79BD6B8023C05FD2F8966211897DF6337A ^
-EC4CF38C244EB6526A44F70570925247145DA8CA ^
-C0D931262ECE93DA5A6ABC89CD6AD3162EA6B09E ^
-6BB48FAC26AA2B4859BBDEFCFB53AE4D1D9A0340 ^
-58611D43741E67A7F0DA9CB337A59DCD1EBE758E ^
-7C2AEC216AF231509E47B7EED06BB17859812B7E ^
-F60EE5DBF4A7A676EC98B3DDB1CDD6CDF3CDA33B ^
-0492E59B1F4C94E97F29A26C3EE7D57E1B0FDD72 ^
-4FCF549D902D9BE1101A756DB9E45415FB61BCD2 ^
-95C71D26AD6B38CC771376B4A4F962F12E1E3D4F ^
-F6A2449E773C72FB886B3C43E2B30EC2A1B7454A ^
-CDE86695E00AEC9A5DB6FDDB5D5A5934448D58E0 ^
-502318A758FABFF6AC53844E9E2BCD159C678510 ^
-589D295148F95F75DAE964DD743FE981FA236D4E ^
-7973DD33AE3599A556BACC77E8656E782E029EFF ^
-9F5BE43AADD43C6DB3883C9DA4B52E1A50257AEE ^
-454289D8FFB237A56D5214EAE88F0A9D328FEA1A ^
-7E686B36595BEB4C0D4528FF960EDB55088A028D ^
-F9789D1EF19A0084AC0E9F43A4BC0EE0478939EF ^
-2F32B0E7CC8BE19C325545C816E77056D7BBE70F ^
-6B1617746F073CFCD2CEBCAFBBE6FD0E28ED2D56 ^
-CF8D2EA3888AD76761799383E5A15979F6DB7A88 ^
-557AF6D9D5947203C60E98C9A79B92B8BD085E2B ^
-C61A217423DE68ED6CD34C91756C8DD3A650A2A2 ^
-73F3F79C151B6C1BD9369EDB26B932C2362B0593 ^
-364141E5FBCDE83F210C5BBBEB6810F6299DE14B ^
-F806BECD025D264FD59E93D9E3606A674C40F216 ^
-E0C761A57F00CBFB07D49BCB034C36A7122F4C5B ^
-5D3831044B9E0032FBE3C3425FFD13698F413B33 ^
-7EB1AB41E9997753C5D530DF118E71E72D7B86FC ^
-CC053EA1556269D7E8BCBA30B208FCBF0EE2EE64 ^
-A57739B1DD41E7DC0C40D6B6159A7E73CE2748AA ^
-90DA527C9DB9ACC2FD530D560A2F1191A80D0567 ^
-6AC1F2A0B8CA0E5ABC9FDF1ADCE588FBDF5CC53E ^
-43C1A0A0EE4163EC929726989F92B03639B233AB ^
-8927F299462413AC29A74080E54D8EE2DB7165E7 ^
-0C8D7E22226D91B423E781B508F31517EAAB607B ^
-7286E20D7F08D18A893254FBD3CC833F7973DCAF ^
-0CB8C235928B8E936C43B8F29EF3758B9FD54A7B ^
-F67C24CC23E440CA3F206CEEB5504ECA54CD5CA3 ^
-D78A25DEAA1E7ADADDB3C145ED0E5263BA4F2910 ^
-00AA68174D29492C578AC853FFCD55908292D41A ^
-D5570EEDB09A62A5948F7F311F7ED5EF247F9AD9 ^
-<D
--- a/fips/sha1/sha1vectors.txt
+++ b/fips/sha1/sha1vectors.txt
--- a/makevms.com
+++ b/makevms.com
@@ -482,14 +482,16 @@ $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
 $! Copy All The ".H" Files From The [.FIPS] Directories.
 $!
-$ FDIRS := ,SHA1,RAND,DES,AES,DSA,RSA
+$ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC
 $ EXHEADER_ := fips.h
-$ EXHEADER_SHA1 := fips_sha.h
+$ EXHEADER_SHA := fips_sha.h
 $ EXHEADER_RAND := fips_rand.h
 $ EXHEADER_DES :=
 $ EXHEADER_AES :=
 $ EXHEADER_DSA :=
 $ EXHEADER_RSA :=
+$ EXHEADER_DH :=
+$ EXHEADER_HMAC :=
 $
 $ I = 0
 $ LOOP_FDIRS: 
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 %define libmin 9
 %define librel 7
 %define librev g
-Release: 1
+Release: 2

 %define openssldir /var/ssl

@@ -121,7 +121,6 @@ rm -rf $RPM_BUILD_ROOT

 %config %attr(0644,root,root) %{openssldir}/openssl.cnf 
 %dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/lib
 %dir %attr(0755,root,root) %{openssldir}/misc
 %dir %attr(0750,root,root) %{openssldir}/private

@@ -146,6 +145,8 @@ ldconfig
 ldconfig

 %changelog
+* Sun Jun  6 2005 Richard Levitte <richard@levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
 * Wed May  7 2003 Richard Levitte <richard@levitte.org>
 - Add /usr/lib/pkgconfig/openssl.pc to the development section.
 * Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -70,7 +70,9 @@

 #define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
 #include <time.h>
+#if 0 /* Experimental */
 #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
+#endif
 #include <string.h>

 #define KRB5_PRIVATE	1
@@ -295,7 +297,7 @@ load_krb5_dll(void)
 	HANDLE hKRB5_32;
    
 	krb5_loaded++;
-	hKRB5_32 = LoadLibrary("KRB5_32");
+	hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
 	if (!hKRB5_32)
 		return;

--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -749,7 +749,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andy Polyakov	bb67f28a1e	Move fips_test_suite rules from fips/Makefile to test/Makefile.	2005-06-27 22:08:58 +00:00
Andy Polyakov	08f7417a98	Eliminate dependency on UNICODE macro.	2005-06-27 21:14:15 +00:00
Andy Polyakov	84c881d0b5	Fix typos in apps/apps.c.	2005-06-27 16:00:57 +00:00
Andy Polyakov	f25209267f	Update fips_test_suite make rule.	2005-06-26 21:48:19 +00:00
Andy Polyakov	07cc19fcac	Revert RC4 parameters on IA64 from back-ported ones to original to preserve binary compatibility. PR: 1114	2005-06-26 17:24:48 +00:00
Andy Polyakov	34aca2b6b6	IA64 RC4 update from HEAD [see commentary in HEAD for details]. PR: 1114	2005-06-26 16:25:25 +00:00
Dr. Stephen Henson	67dbe90856	Add Argen root CAs.	2005-06-24 10:52:18 +00:00
Richard Levitte	4a29c4e39f	Someone did some cutting and pasting and didn't quite finish the job :-). Notified by Steffen Pankratz <kratz00@gmx.de>	2005-06-24 05:13:13 +00:00
Richard Levitte	0902926150	Change dir_ctrl to check for the environment variable before using the default directory instead of the other way around. PR: 1131	2005-06-23 21:15:06 +00:00
Dr. Stephen Henson	15d95d5f92	OID database had a NULL entry for NID 666. Add a real OID in its place.	2005-06-22 17:24:32 +00:00
Richard Levitte	0116eae43e	Do no try to pretend we're at the end of anything unless we're at the end of a 4-character block.	2005-06-20 22:11:21 +00:00
Richard Levitte	d01f1d89e3	Check for 'usage' and 'Usage'. Submitted by Tim Rice <tim@multitalents.net>. His comment is: I noticed "make report" didn't show the cc version on most of my System V platforms. This patch corrects this.	2005-06-20 20:45:44 +00:00
Richard Levitte	722a5c5ade	Add crypto/bn/bn_prime.h to the collection of generated files. In the update target, place the dependency on depend last, so all necessary files are generated before the dependencies are figured out. PR: 1121	2005-06-20 04:29:54 +00:00
Richard Levitte	2788e3983e	With DJGPP, it seems like the return code from grep, even when in the middle of a pipe, is noted. Counter that by forcing a true return code when the return code has no importance. PR: 1085	2005-06-19 20:31:22 +00:00
Richard Levitte	5ba3ebb593	Undefine DECRANDOM before redefining it. PR: 1110	2005-06-19 20:20:29 +00:00
Richard Levitte	2b19ce86dc	Don't put C++ comments in a C file.	2005-06-19 20:00:47 +00:00
Richard Levitte	140e5c3f3b	Add better documentation on how id_function() should be defined and what issues there are. PR: 1096	2005-06-18 05:52:20 +00:00
Richard Levitte	77bc62c3a7	Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h. That should solve the issues with propagating it through the Makefiles. PR: 1110	2005-06-18 04:42:29 +00:00
Richard Levitte	42f335ca0e	Only define ZLIB_SHARED if it hasn't already been defined (on the command line, for example). PR: 1112	2005-06-18 04:32:18 +00:00
Richard Levitte	43b30bf2c8	Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line. PR: 1113	2005-06-18 04:27:11 +00:00
Nils Larsch	06e12403e0	clear dso pointer in case of an error PR: 816	2005-06-17 21:14:35 +00:00
Nils Larsch	03b3a0d022	update for the cswift engine: - fix the problem described in bug report 825 - fix a segfault when the engine fails to initialize - let the engine switch to software when keysize > 2048 PR: 825, 826 Submitted by: Frédéric Giudicelli	2005-06-17 20:26:07 +00:00
Richard Levitte	f840728f43	Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.	2005-06-16 22:21:39 +00:00
Andy Polyakov	30fc34625c	Make sure detached fingerprints are installed [as well as minor cygwin and hpux updates].	2005-06-14 12:29:34 +00:00
Andy Polyakov	18f3210a35	Make human-readable error messages more human-friendly.	2005-06-14 12:18:47 +00:00
Nils Larsch	82da9623bf	update FAQ	2005-06-13 08:38:29 +00:00
Richard Levitte	7c0341dbc4	Show what the offending target was. PR: 1108	2005-06-13 02:38:07 +00:00
Ben Laurie	7450139b8b	Default sensibly when in FIPS mode.	2005-06-10 20:49:10 +00:00
Nils Larsch	e85e5ca5ec	- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list	2005-06-10 20:00:39 +00:00
Dr. Stephen Henson	67cdaca99d	Remove CRs from files.	2005-06-10 00:41:25 +00:00
Andy Polyakov	b00f715c96	Eliminate gcc -pedantic warnings.	2005-06-09 21:37:30 +00:00
Andy Polyakov	098927c384	Allow for dso load by explicit path on HP-UX.	2005-06-09 20:47:41 +00:00
Nils Larsch	0eb8e0058c	use "=" instead of "\|=", fix typo	2005-06-08 22:24:27 +00:00
Richard Levitte	56c55b0655	Avoid endless loops. Really, we were using the same variable for two different conditions...	2005-06-08 21:59:51 +00:00
Andy Polyakov	e17d60d5fb	Fix couple gcc 4 warnings, reformat comment.	2005-06-08 21:27:34 +00:00
Nils Larsch	e32b08abc3	ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr. PR: 836 + 1005	2005-06-08 21:16:32 +00:00
Andy Polyakov	2776beb91a	Mask new fips_*vs test programs in non-fips builds.	2005-06-07 19:56:52 +00:00
Andy Polyakov	dca20343e0	Simplify ssltest compile rule.	2005-06-07 16:36:52 +00:00
Andy Polyakov	e99f6700e1	Simplified shortcut from FIPS_mode_set.	2005-06-07 16:36:21 +00:00
Andy Polyakov	3da3c85a3f	Fix typos and add missing lines in Makefile.	2005-06-07 14:08:54 +00:00
Andy Polyakov	d58d546e2d	Initial support for DSO FIPS fingerprinting.	2005-06-07 12:39:27 +00:00
Andy Polyakov	780b97aba6	Ad-hoc DSO_pathbyaddr for selected platforms from HEAD in FIPS context.	2005-06-07 10:49:35 +00:00
Andy Polyakov	e0ec2d772c	Set OPENSSL_PIC flags for shared builds [from HEAD].	2005-06-07 10:48:24 +00:00
Dr. Stephen Henson	5fbf6769fc	Update from head.	2005-06-06 22:42:35 +00:00
Dr. Stephen Henson	7bf79446c8	Delete test error print.	2005-06-06 18:05:00 +00:00
Richard Levitte	bdee60fc1a	Skipping all tests just because one algorithm is disabled seems a bit harsch. PR: 1089	2005-06-06 08:38:13 +00:00
Andy Polyakov	0b62d2f4c9	Don't mention Makefile.ssl and don't mention Solaris x86 ld bug, as it's not relevant in 0.9.7 context.	2005-06-06 08:38:03 +00:00
Richard Levitte	4375ca95a4	Document the change.	2005-06-05 23:17:53 +00:00
Richard Levitte	acce7b5963	Remove the incorrect installation of '%{openssldir}/lib'. PR: 1074	2005-06-05 23:15:18 +00:00
Richard Levitte	c5098ee16f	Old typo... PR: 1097	2005-06-05 21:54:59 +00:00
Andy Polyakov	6d0e43d555	./PROBLEMS update from HEAD.	2005-06-05 18:09:24 +00:00
Richard Levitte	9f32d49de9	The macro THREADS was changed to OPENSSL_THREADS a long time ago. PR: 1096	2005-06-04 08:44:05 +00:00
Dr. Stephen Henson	db84c9075b	Use correct config file environment variable.	2005-06-02 23:16:33 +00:00
Dr. Stephen Henson	e96fad9d2d	Typo.	2005-06-02 20:30:03 +00:00
Dr. Stephen Henson	0c7b06714e	Add CHANGES entry for PSS and X9.31 padding.	2005-06-02 20:08:30 +00:00
Andy Polyakov	d893001918	fips/*/Makefile updates to accomodate new VSes.	2005-06-02 19:15:15 +00:00
Richard Levitte	b8bd781b7e	Synchronise some more with the Unix build.	2005-06-02 19:08:41 +00:00
Andy Polyakov	bb792a485a	Make PSS more flexible, most notably assign special meaning to negative sLen values: -1 -> sLen = hLen, -2 -> sLen autochosen/autorecovered.	2005-06-02 18:07:16 +00:00
Andy Polyakov	452421d059	Comply with .sam[ple].	2005-06-02 18:01:09 +00:00
Dr. Stephen Henson	ea8399724e	Remove redundant reference, which produces a warning (??) in gcc 3.4.2.	2005-06-02 01:18:25 +00:00
Dr. Stephen Henson	26655341fc	Update symbols. Add #ifdef OPENSSL_FIPS in various places.	2005-06-02 00:09:25 +00:00
Dr. Stephen Henson	5858d32a59	Fixes for unusual key lengths an PSS.	2005-06-01 22:06:46 +00:00
Nils Larsch	0dfe532ea9	clear error queue on success and return NULL if cert could be read PR: 1088	2005-06-01 08:36:38 +00:00
Nils Larsch	5c567ffd4c	fix assertion	2005-05-31 20:39:54 +00:00
Richard Levitte	3bc1781994	Synchronise with the Unix build...	2005-05-31 20:29:23 +00:00
Dr. Stephen Henson	485bcc9cab	Preliminary support for X9.31 RSA key generation for FIPS. Included prime derivation, random prime generation, test program and new option to genrsa.	2005-05-31 12:38:03 +00:00
Richard Levitte	bb1bbb3274	Synchronise with Unixly build	2005-05-30 22:26:22 +00:00
Dr. Stephen Henson	4bd7bc97e8	make update	2005-05-29 12:30:21 +00:00
Dr. Stephen Henson	4d4339922c	Stop warnings.	2005-05-29 12:22:05 +00:00
Richard Levitte	c3d03b70af	We have some source with \r\n as line ends. DEC C informs about that, and I really can't be bothered...	2005-05-29 12:13:05 +00:00
Dr. Stephen Henson	e4c2c550b9	Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and include options to use X9.31 in tests.	2005-05-28 20:15:48 +00:00
Dr. Stephen Henson	570357b7a8	Add PSS support to tests.	2005-05-28 11:18:44 +00:00
Dr. Stephen Henson	7044d328a2	Add PSS support. Minimal at this stage for FIPS140.	2005-05-27 21:59:52 +00:00
Dr. Stephen Henson	35d7cc8166	Error checking.	2005-05-27 21:22:48 +00:00
Bodo Möller	80790d89ec	Use BN_with_flags() in a cleaner way. Complete previous change: Constant time DSA [sync with mainstream].	2005-05-27 15:39:15 +00:00
Andy Polyakov	7bad200b49	Constant-time RSA [sync with mainstream]. Submitted by: bodo	2005-05-27 08:12:44 +00:00
Andy Polyakov	6b6f64da2d	Constant time DH [sync with mainstream]. Submitted by: bodo	2005-05-27 08:11:16 +00:00
Andy Polyakov	31def5ae59	Constant-time DSA signing [sync with mainstream]. Submitted by: bodo	2005-05-27 06:42:11 +00:00
Andy Polyakov	713407a5c7	fips/sha1 -> fips/sha remains.	2005-05-26 23:09:02 +00:00
Andy Polyakov	db73333585	Remove fips/sha1/*.	2005-05-26 23:01:20 +00:00
Andy Polyakov	84c9b6edb1	Throw in SHAmix test vectors.	2005-05-26 22:17:55 +00:00
Andy Polyakov	e609c04994	Rename fips/sha1 to fips/sha.	2005-05-26 21:29:10 +00:00
Dr. Stephen Henson	53cfa36d37	Allow zero length messages and make format look more like samples.	2005-05-26 18:48:24 +00:00
Dr. Stephen Henson	b10bd63df3	FIPS SHA* test for new format.	2005-05-26 18:31:53 +00:00
Bodo Möller	44a287747f	make sure DSA signing exponentiations really are constant-time	2005-05-26 04:40:42 +00:00